function drupal_random_bytes

Returns a string of highly randomized bytes (over the full 8-bit range).

On PHP 7 and later, this function is a wrapper around the built-in PHP function random_bytes(). If that function does not exist or cannot find an appropriate source of randomness, this function is better than simply calling mt_rand() or any other built-in PHP function because it can return a long string of bytes (compared to < 4 bytes normally from mt_rand()) and uses the best available pseudo-random source.

Parameters

int $count: The number of characters (bytes) to return in the string.

Return value

string A randomly generated string.

9 calls to drupal_random_bytes()
drupal_random_key in includes/bootstrap.inc
Returns a URL-safe, base64 encoded string of highly randomized bytes (over the full 8-bit range).
UpdatePathTestCase::prepareD7Session in modules/simpletest/tests/upgrade/upgrade.test
Overrides UpgradePathTestCase::prepareD7Session().
update_fix_d7_requirements in includes/update.inc
Perform Drupal 6.x to 7.x updates that are required for update.php to function properly.
UpgradePathTestCase::prepareD7Session in modules/simpletest/tests/upgrade/upgrade.test
Prepares the appropriate session for the release of Drupal being upgraded.
user_password in modules/user/user.module
Generate a random alphanumeric password.

... See full list

File

includes/bootstrap.inc, line 2322

Code

function drupal_random_bytes($count) {
    if (function_exists('random_bytes')) {
        try {
            return random_bytes($count);
        } catch (Exception $e) {
            // An appropriate source of randomness could not be found. Fall back to a
            // less secure implementation.
        }
    }
    // $random_state does not use drupal_static as it stores random bytes.
    static $random_state, $bytes, $has_openssl;
    $missing_bytes = $count - strlen((string) $bytes);
    if ($missing_bytes > 0) {
        // PHP versions prior 5.3.4 experienced openssl_random_pseudo_bytes()
        // locking on Windows and rendered it unusable.
        if (!isset($has_openssl)) {
            $has_openssl = version_compare(PHP_VERSION, '5.3.4', '>=') && function_exists('openssl_random_pseudo_bytes');
        }
        // openssl_random_pseudo_bytes() will find entropy in a system-dependent
        // way.
        if ($has_openssl) {
            $bytes .= openssl_random_pseudo_bytes($missing_bytes);
        }
        elseif ($fh = @fopen('/dev/urandom', 'rb')) {
            // PHP only performs buffered reads, so in reality it will always read
            // at least 4096 bytes. Thus, it costs nothing extra to read and store
            // that much so as to speed any additional invocations.
            $bytes .= fread($fh, max(4096, $missing_bytes));
            fclose($fh);
        }
        // If we couldn't get enough entropy, this simple hash-based PRNG will
        // generate a good set of pseudo-random bytes on any system.
        // Note that it may be important that our $random_state is passed
        // through hash() prior to being rolled into $output, that the two hash()
        // invocations are different, and that the extra input into the first one -
        // the microtime() - is prepended rather than appended. This is to avoid
        // directly leaking $random_state via the $output stream, which could
        // allow for trivial prediction of further "random" numbers.
        if (strlen((string) $bytes) < $count) {
            // Initialize on the first call. The contents of $_SERVER includes a mix of
            // user-specific and system information that varies a little with each page.
            if (!isset($random_state)) {
                $random_state = print_r($_SERVER, TRUE);
                if (function_exists('getmypid')) {
                    // Further initialize with the somewhat random PHP process ID.
                    $random_state .= getmypid();
                }
                $bytes = '';
            }
            do {
                $random_state = hash('sha256', microtime() . mt_rand() . $random_state);
                $bytes .= hash('sha256', mt_rand() . $random_state, TRUE);
            } while (strlen($bytes) < $count);
        }
    }
    $output = substr($bytes, 0, $count);
    $bytes = substr($bytes, $count);
    return $output;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.