Наш чат в Telegram для обмена идеями, проектами, мыслями, людьми в сфере ИТ г.Ростова-на-Дону: @it_rostov


(PHP 7)

random_bytes — Generates cryptographically secure pseudo-random bytes


string random_bytes ( int $length )

Generates an arbitrary length string of cryptographic random bytes that are suitable for cryptographic use, such as when generating salts, keys or initialization vectors.

The sources of randomness used for this function are as follows:

  • On Windows, » CryptGenRandom() will always be used.
  • On Linux, the » getrandom(2) syscall will be used if available.
  • On other platforms, /dev/urandom will be used.
  • If none of the aforementioned sources are available, then an Exception will be thrown.

Замечание: Although this function was added to PHP in PHP 7.0, a » userland implementation is available for PHP 5.2 to 5.6, inclusive.

Список параметров


- The length of the random string that should be returned in bytes.

Возвращаемые значения

Returns a string containing the requested number of cryptographically secure random bytes.


  • If an appropriate source of randomness cannot be found, an Exception will be thrown.
  • If invalid parameters are given, a TypeError will be thrown.
  • If an invalid length of bytes is given, an Error will be thrown.


Пример #1 random_bytes() example

$bytes = random_bytes(5);

Результатом выполнения данного примера будет что-то подобное:

string(10) "385e33f741"

Смотрите также

  • random_int() - Generates cryptographically secure pseudo-random integers
  • openssl_random_pseudo_bytes() - Generate a pseudo-random string of bytes
  • bin2hex() - Преобразует бинарные данные в шестнадцатеричное представление

function RandomToken($length = 32){
    if(!isset($length) || intval($length) <= 8 ){
      $length = 32;
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes($length));
    if (function_exists('mcrypt_create_iv')) {
        return bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
    if (function_exists('openssl_random_pseudo_bytes')) {
        return bin2hex(openssl_random_pseudo_bytes($length));
function Salt(){
    return substr(strtr(base64_encode(hex2bin(RandomToken(32))), '+', '.'), 0, 44);
echo (RandomToken());
echo "\n";
echo Salt();
echo "\n";
This function is same as above but its only used for debugging
function RandomTokenDebug($length = 32){
    if(!isset($length) || intval($length) <= 8 ){
      $length = 32;
    $randoms = array();
    if (function_exists('random_bytes')) {
        $randoms['random_bytes'] = bin2hex(random_bytes($length));
    if (function_exists('mcrypt_create_iv')) {
        $randoms['mcrypt_create_iv'] = bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
    if (function_exists('openssl_random_pseudo_bytes')) {
        $randoms['openssl_random_pseudo_bytes'] = bin2hex(openssl_random_pseudo_bytes($length));
    return $randoms;
echo "\n";
print_r (RandomTokenDebug());

niklongstone at gmail dot com5 months ago
In order to handling better the result, could be useful to combine random_bytes with the unpack function, because gives more flexibility.
$bytes = random_bytes(10);
$value = unpack('H*', $bytes);
array(1) { [1]=> string(20) "5f655db3ae43c256937b" }

Описание на ru2.php.net
Описание на php.ru