8

I need to generate one-time-use, unique tokens like Stripe's for a banking application (production only) to represent accounts and transactions. What would be a secure and appropriate method of doing this?

Could I use random_bytes()?

It would be preferable if the tokens were alphanumeric and not just numbers. For example, Stripe tokens look like tok_382r1O2IZ7IgsfwNFATX4xax

Brad Turner
  • Additionally to provided answers - you might have used `base64` since it would be shorter than `bin2hex` – zerkms Jul 24 '16 at 01:36

3 Answers

13

You can use the function bin2hex to convert the bytes to a base 62 string.

$token = bin2hex(random_bytes(16)); //generates a crypto-secure 32 characters long 

You can easily prefix this by just appending a string to the beginning.

nathan
2

You could use the following:

bin2hex(openssl_random_pseudo_bytes(8))

Here are the docs on how to use this to your needs.

Robert
1

If you are using PHP 7, the new random_bytes() function is a secure random number/string generator and is the recommended way to do this in PHP.

If you haven't migrated to PHP 7 yet, there is a compatible alternative for PHP 5 on GitHub called random_compat.

John Conde
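One way to produce prefixed alphanumeric tokens in the `tok_...` shape the question shows and to enforce one-time use, as an added example (not code from any of the answers above or from Stripe). `generateToken`, `TokenStore` and the in-memory array are hypothetical stand-ins for your own code and database table; PHP 7+ is assumed for `random_int()`.

```php
<?php
declare(strict_types=1);

// Base62 alphabet keeps the token alphanumeric, as the question asks.
const TOKEN_ALPHABET = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// Build a prefixed token from the CSPRNG. random_int() is uniform over its
// range, so there is no modulo bias; 24 base62 characters carry ~142 bits.
function generateToken(string $prefix = 'tok_', int $length = 24): string
{
    $body = '';
    $max = strlen(TOKEN_ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        $body .= TOKEN_ALPHABET[random_int(0, $max)];
    }
    return $prefix . $body;
}

// Hypothetical in-memory store standing in for a table with a UNIQUE index
// on the token hash. Only the SHA-256 hash is kept, never the token itself.
final class TokenStore
{
    private $tokens = []; // hash => bool (already redeemed?)

    public function issue(): string
    {
        do {
            $token = generateToken();
            $key = hash('sha256', $token);
        } while (isset($this->tokens[$key])); // retry on the (improbable) collision
        $this->tokens[$key] = false;
        return $token;
    }

    // Succeeds at most once per issued token. Against a real database this
    // check-and-mark must be a single atomic statement, not two queries.
    public function redeem(string $token): bool
    {
        $key = hash('sha256', $token);
        if (!isset($this->tokens[$key]) || $this->tokens[$key] === true) {
            return false;
        }
        $this->tokens[$key] = true;
        return true;
    }
}

$store = new TokenStore();
$token = $store->issue();
var_dump($store->redeem($token));          // first use
var_dump($store->redeem($token));          // replay of the same token
var_dump($store->redeem('tok_notIssued')); // constructed value, never issued
```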