I would like to generate a secure random integer between $min and $max in PHP 5.6. Both rand() and mt_rand() in PHP are considered not to be cryptographically secure.
From the docs:
Caution
This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using random_int(), random_bytes(), or openssl_random_pseudo_bytes() instead.
PHP 7 adds random_int() (docs), which fits my use-case perfectly:
random_int — Generates cryptographically secure pseudo-random integers
But how can this functionality be attained in PHP 5.6?
My naive attempt was this:
<?php
function secure_rand($min, $max)
{
    return (unpack("N", openssl_random_pseudo_bytes(4)) % ($max - $min)) + $min;
}
But I seem to always get "2" when calling secure_rand(1, 100). I have also read that using a modulus operation in this way can create a bias. How can I emulate random_int() in PHP 5.6?
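An added example, not part of the original post: one way to draw an unbiased integer in [$min, $max] on PHP 5.6 using rejection sampling over openssl_random_pseudo_bytes(). The function name secure_rand_int() is hypothetical, and the sketch assumes the OpenSSL extension is loaded.

```php
<?php
// Added illustration for PHP 5.6; secure_rand_int() is a hypothetical name.
// Differences from the attempt in the question:
//  - unpack() returns an array, so its result cannot be fed to % directly;
//    the bytes are decoded here with ord().
//  - the range is inclusive of $max (the attempt's $max - $min excluded it).
//  - out-of-range draws are rejected and redrawn instead of reduced with %,
//    so every value in [$min, $max] is equally likely.
function secure_rand_int($min, $max)
{
    if (!is_int($min) || !is_int($max) || $min > $max) {
        throw new InvalidArgumentException('Need integers with $min <= $max');
    }
    $range = $max - $min;
    if (!is_int($range)) {           // subtraction overflowed to float
        throw new RangeException('Range does not fit in a PHP integer');
    }
    if ($range === 0) {
        return $min;
    }

    // Smallest all-ones bit mask that covers $range.
    $bits = 0;
    $mask = 0;
    for ($r = $range; $r > 0; $r >>= 1) {
        $bits++;
        $mask = ($mask << 1) | 1;
    }
    $bytes = (int) ceil($bits / 8);

    do {
        $strong = false;
        $raw = openssl_random_pseudo_bytes($bytes, $strong);
        if ($raw === false || !$strong) {
            throw new RuntimeException('No strong randomness available');
        }
        $val = 0;
        for ($i = 0; $i < $bytes; $i++) {
            $val = ($val << 8) | ord($raw[$i]);
        }
        $val &= $mask;               // keep only the bits the range needs
    } while ($val > $range);         // reject instead of wrapping with %

    return $min + $val;
}

var_dump(secure_rand_int(1, 100));
```

Because the mask is less than twice the range, each draw is accepted with probability above one half, so the loop finishes in fewer than two iterations on average. The paragonie/random_compat library is a maintained polyfill that provides random_int() itself on PHP 5.x.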