random_bytes

Description

Generates a string containing uniformly selected random bytes with the requested length.

As the returned bytes are selected completely randomly, the resulting string is likely to contain unprintable characters or invalid UTF-8 sequences. It may be necessary to encode it before transmission or display.

The randomness generated by this function is suitable for all applications, including the generation of long-term secrets, such as encryption keys.

The sources of randomness in the order of priority are as follows:

• Linux: » getrandom(), /dev/urandom

• FreeBSD >= 12 (PHP >= 7.3): » getrandom(), /dev/urandom

• Windows (PHP >= 7.2): » CNG-API

  Windows: » CryptGenRandom

• macOS (PHP >= 8.2; >= 8.1.9; >= 8.0.22 if CCRandomGenerateBytes is available at compile time): CCRandomGenerateBytes()

  macOS (PHP >= 8.1; >= 8.0.2): arc4random_buf(), /dev/urandom

• NetBSD >= 7 (PHP >= 7.1; >= 7.0.1): arc4random_buf(), /dev/urandom

• OpenBSD >= 5.5 (PHP >= 7.1; >= 7.0.1): arc4random_buf(), /dev/urandom

• DragonflyBSD (PHP >= 8.1): » getrandom(), /dev/urandom

• Solaris (PHP >= 8.1): » getrandom(), /dev/urandom

• Any combination of operating system and PHP version not previously mentioned: /dev/urandom
• If none of the sources are available or they all fail to generate randomness, then a Random\RandomException will be thrown.

Note: Although this function was added to PHP in PHP 7.0, a » userland implementation is available for PHP 5.2 to 5.6, inclusive.