Laravel str_random() or custom function?

Question

Is the Laravel str_random() function random enough so that I can use it for IDs?

For example:

str_random(32); 

This produces a random string of length 32 made up of alphanumeric characters [a-zA-z0-9] (62 characters in total).

Which equates to 2272657884496751345355241563627544170162852933518655225856 possibilities.

However, my question is, is this going to be good enough? Or should I consider using UUIDs or another custom function.

Answer 1

str_random (Str::random()) tries to use openssl_random_pseudo_bytes which is a pseudo random number generator optimized for cryptography, not uniqueness. If openssl_random_pseudo_bytes is not available, it falls back to quickRandom():

public static function quickRandom($length = 16) {     $pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';      return substr(str_shuffle(str_repeat($pool, 5)), 0, $length); } 

In my opinion quickRandom code is not reliable for uniqueness nor cryptography.

Yes, having openssl_random_pseudo_bytes and using 32 bytes is almost impossible to see a collision, but it's still possible. If you want to make sure your strings/numbers will be unique (99.99%), you better use a UUID function. This is what I normally use:

/**  *   * Generate v4 UUID  *   * Version 4 UUIDs are pseudo-random.  */ public static function v4()  {     return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',      // 32 bits for "time_low"     mt_rand(0, 0xffff), mt_rand(0, 0xffff),      // 16 bits for "time_mid"     mt_rand(0, 0xffff),      // 16 bits for "time_hi_and_version",     // four most significant bits holds version number 4     mt_rand(0, 0x0fff) | 0x4000,      // 16 bits, 8 bits for "clk_seq_hi_res",     // 8 bits for "clk_seq_low",     // two most significant bits holds zero and one for variant DCE1.1     mt_rand(0, 0x3fff) | 0x8000,      // 48 bits for "node"     mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)     ); } 

It generates a VALID RFC 4211 COMPLIANT version 4 UUID.

Check this: https://en.wikipedia.org/wiki/Universally_unique_identifier#Collisions

Answer 2

you can use this

use Illuminate\Support\Str;  $random = Str::random(40);