You can trust these sources and trust that they are properly seeded
LibreSSL
CryptGenRandom
/dev/urandom
avoids OpenSSL's RNG.
Simple
The scripts are simple enough to
- understand
- own, instead of adding as dependencies
- copy-and-paste into your code (hence a Gist, not a repo)
- debug
In case of failure
The scripts will fail in some PHP runtime environments, for example:
- Windows: if PHP has no mcrypt or OpenSSL extension, or if PHP is too old
- Linux/BSD: if PHP has no mcrypt extension, cannot read from /dev/urandom (e.g. because of open_basedir) and has no OpenSSL extension compiled against LibreSSL
If you experience an 'Unable to generate a random key' exception, try the testPlatform.php script.
It prints info with which you can figure out all the branches in randomBytes().
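The failure conditions listed above can be checked on any runtime. The following PHP is an added example, not the Gist's testPlatform.php or randomBytes(): `probeEnvironment()` and `pickSource()` are hypothetical names, and the order of the branches, including the `random_bytes()` check for PHP 7, is an assumption.

```php
<?php
// Added example, not the Gist's testPlatform.php. The branch order in
// pickSource() is an assumption; the page lists only the failure conditions.

// Collect the facts that the failure conditions above depend on.
function probeEnvironment()
{
    $isWindows = DIRECTORY_SEPARATOR === '\\';
    return [
        'windows'      => $isWindows,
        'random_bytes' => function_exists('random_bytes'), // PHP 7.0+
        'openssl'      => function_exists('openssl_random_pseudo_bytes'),
        'libressl'     => defined('OPENSSL_VERSION_TEXT')
            && stripos(OPENSSL_VERSION_TEXT, 'LibreSSL') === 0,
        'mcrypt'       => function_exists('mcrypt_create_iv'),
        // "@" hides the open_basedir warning; a blocked path reads as false.
        'urandom'      => !$isWindows && @is_readable('/dev/urandom')
            && @filetype('/dev/urandom') === 'char',
    ];
}

// Name the first usable source, or null when every branch is closed, which
// is the case that ends in 'Unable to generate a random key'. The "PHP is
// too old" condition is not modelled: the page gives no version threshold.
function pickSource(array $env)
{
    if ($env['random_bytes']) { return 'random_bytes()'; }
    if ($env['openssl'] && $env['libressl']) { return 'OpenSSL extension compiled against LibreSSL'; }
    if ($env['mcrypt']) { return 'mcrypt extension'; }
    if ($env['urandom']) { return '/dev/urandom'; }
    if ($env['windows'] && $env['openssl']) { return 'OpenSSL extension on Windows'; }
    return null;
}

// Constructed case: PHP 5.6 on Linux, OpenSSL extension built against OpenSSL,
// no mcrypt, /dev/urandom outside open_basedir.
$blocked = ['windows' => false, 'random_bytes' => false, 'openssl' => true,
    'libressl' => false, 'mcrypt' => false, 'urandom' => false];

foreach (['this runtime' => probeEnvironment(), 'constructed' => $blocked] as $label => $env) {
    echo $label, ': ', pickSource($env) ?: 'no usable source: randomBytes() would throw', "\n";
}
```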
    # Look at random integers in 0 thru 999
    $ php test.php 1 0 999 | less
    # Look at random UUIDs
    $ php test.php 2 | less
To statistically test for randomness of the function outputs, install dieharder.
There are packages called dieharder on OS X Homebrew, Ubuntu and Debian. Others can compile the source.
Dieharder takes a long time but is very thorough. With LibreSSL it's OK, otherwise allow plenty of
time. The UUID test and all the randomInt() tests are horribly slow.
    # Test randomBytes() with 8192-byte length by sending the output to dieharder
    $ php test.php 3 8192 | dieharder -g 200 -a
    # Test randomInt() with max possible range by converting to 4 or 8-byte strings
    $ php test.php 4 | dieharder -g 200 -a
    # Test randomInt() with range 0 to 255 and random offset, convert to 1-byte strings before output
    $ php test.php 5 1 | dieharder -g 200 -a
    # Test randomInt() with range 0 to 256^3-1 and random offset, convert to 3-byte strings before output
    $ php test.php 5 3 | dieharder -g 200 -a
    # Convert the random substrings of UUIDs to bytes
    $ php test.php 6 | dieharder -g 200 -a
Performance
On OS X 10.10.5 and PHP 5.6.16 with LibreSSL 2.3.1
Without the complex preg_match() stuff it goes up to 435 MiB/s. OpenBSD should be fast too.
Probably also NetBSD since 7.0.
On the same OS X machine I see 18.5 MiB/s with PHP 7.0 or with PHP 5.6 using mcrypt or
/dev/urandom – that's the rate of OS X's Yarrow RNG. On Linux I get 14.5 MiB/s.
Licenses
New stuff in this Gist
All files except randomStuff.php are original in this
Gist and have the following copyright and license.
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Modified Yii 2.0 code in this Gist
I extracted the code in randomStuff.php from Yii 2.0, hence that file
has the following copyright and license. See also the Yii License.
The Yii framework is free software. It is released under the terms of
the following BSD License.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
- Redistributions of source code must retain the above copyright
  notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright
  notice, this list of conditions and the following disclaimer in
  the documentation and/or other materials provided with the
  distribution.
- Neither the name of Yii Software LLC nor the names of its
  contributors may be used to endorse or promote products derived
  from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.