When converting "random bytes" to a string, is there any difference as to whether I should use base64_encode or bin2hex?
$bytes = openssl_random_pseudo_bytes(32); // alternatively read from /dev/urandom
echo base64_encode($bytes); // some 44 character string
echo bin2hex($bytes); // some 64 character string
To use as a salt for bcrypt, obviously modified base64 is the correct choice because that is what's expected. But for contexts like account sign-up confirmation key or a unique non-sequential object identifier, which is the correct choice?
I am aware of the random_compat library but this is for learning purposes as well.
Aucun commentaire:
Enregistrer un commentaire