1

I have a query related to generating unique series of characters with PHP.

Assume that I want to create a web app which generates coupon/voucher codes for my business/application.

I would need the code to contain only alphabetic letters and numbers (no numbers) and heres the crucial part; the algorithm behind the generation needs to be secure. So no silly old algorithm where a user can crack the algorithm in 2 mins.

I am aware people can brute force codes regardless, but we should start by using a secure function to generate them. Is there built in functions already? Should I use just those functions or can/should I take it a step further and do something else?

At the moment in my research and experiments I found the uniqid() function and rand() function, but PHP explicitly tells you that they are "predictable" and should not be used where security is a concern.

halfer
  • 19,824
  • 17
  • 99
  • 186
Eclipse
  • 374
  • 2
  • 4
  • 17
  • 1
    Have you seen http://stackoverflow.com/q/219475/ and the linked pages? – Funk Forty Niner Apr 14 '15 at 13:29
  • Unless you have specific requirements for such codes, all you need is a good (P)RNG. For example: `/dev/urandom`. No real difference from any other random number generator. Have you looked at anything besides `uniqid` and `rand`? Researched PRNGs perhaps? – deceze Apr 14 '15 at 14:10
  • @deceze No i have not looked at that before. – Eclipse Apr 14 '15 at 14:16
  • Then I'll close this as duplicate, have a look. Ignore the first answer, as the comments are pointing out, it's no good. – deceze Apr 14 '15 at 15:02

0 Answers0