Author: Manuel Lemos
Viewers: 86
Last month viewers: 9
Categories: PHP Tutorials, PHP Security, News
PHP 8.3 will add more functions to generate random values for strings and floating-point numbers.
Please read this short article to learn more about the \Random\Randomize class functions and how you can use these functions in your PHP applications to make them more secure against possible attacks to current cryptography methods that in the future will be more vulnerable due to the availability of faster CPUs, including those that will use quantum computing.
In this article you will learn about:
1. Why You Need to Use the PHP Randomizer Class
2. What Will the \Random\Randomizer Will Do in PHP 8.3
3. How you Can Benefit From the \Random\Randomizer New Features When PHP 8.3 Will be Available
4. How Can You Benefit of PHP 8.3 \Random\Randomizer Class New Features Today
1. Why You Need to Use the PHP Randomizer Class
Random numbers are valid for applications that can be hard to predict.
Let's say that you want to create secret pages on your site so that only people with a secret URL know that they exist.
You can create a secret string for the identifier of those pages and then use that string as a parameter in the page URL that you will share with the few people that will know about the secret pages.
For instance, Google Drive uses this technique to allow its users to share documents with secret URLs. The users can access those pages without remembering another password. The secret identifier of the pages acts like a password.
PHP has random number generation functions since older PHP versions like PHP 4. For instance, the rand() function can generate random integer numbers.
This works, but you need to write additional to create random strings. Some developers use hashing functions to create random strings from random integer numbers.
$random_string = hash('ripemd160', rand(0, getrandmax()));
Despite this work, it is not an approach that will always be very secure. First, the rand() function is not cryptographically secure. This means the "random" number it may generate may be predictable in certain circumstances.
PHP added more random value generation functions in more recent versions. PHP 8.2 introduced the \Random\Randomizer class.
It provides several functions that provide random values, such as strings, integers, and floats. It also provides functions for other purposes that require random values, like randomly shuffling the order of array values.
This class is more practical and can be more secure in the future, given the evolution of quantum computing that will be able to break the current cryptography methods because it will enable the creation of CPUs that will be much faster than today's CPUs.
If you use the \Random\Randomizer class, the PHP developers will evolve it to use more potent cryptography methods that will be more robust to protect your applications against future security attacks.
final class Random\Randomizer { /* Properties */ public readonly Random\Engine $engine; /* Methods */ public __construct(?Random\Engine $engine = null) public getBytes(int $length): string public getInt(int $min, int $max): int public nextInt(): int public pickArrayKeys(array $array, int $num): array public __serialize(): array public shuffleArray(array $array): array public shuffleBytes(string $bytes): string public __unserialize(array $data): void }
2. What Will the \Random\Randomizer Will Do in PHP 8.3
PHP 8.3 will continue to evolve the capabilities of the \Random\Randomizer class.
For instance, it will allow the generation of random strings of a given length using the getBytesFromString function.
It will also be able to generate random float numbers within a minimum and maximum range value using the getFloat. The getNextFloat function will allow developers to get the next random float value within the same range.
Here is the declaration of the new functions from the RFC specification document of the PHP 8.3 additions of the \Random\Randomizer class.
namespace Random; final class Randomizer { // [...] public function getBytesFromString(string $string, int $length): string {} public function nextFloat(): float {} public function getFloat( float $min, float $max, IntervalBoundary $boundary = IntervalBoundary::ClosedOpen ): float {} } enum IntervalBoundary { case ClosedOpen; case ClosedClosed; case OpenClosed; case OpenOpen; }
3. How you Can Benefit From the \Random\Randomizer New Features When PHP 8.3 Will be Available
The examples of application from the RFC document for the PHP 8.3 improvements are very good. You should look at this page to read about several examples of application the new functions.
I like in particular the example code for generating a random DNA sequence that looks like this.
$randomizer = new \Random\Randomizer(); var_dump( $randomizer->getBytesFromString('ACGT', 30) ); // string(30) "CGTAGATCGTTCTGATAGAAGCTAACGGTT"
4. How Can You Benefit of PHP 8.3 \Random\Randomizer Class New Features Today
PHP 8.3 is expected to be released around November and December of 2023. So, for now, you can benefit from PHP 8.3 if you build it from the PHP source code.
You can get the latest PHP 8.3 source code by accessing the master branch of the Git repository in GitHub. It contains instructions to build PHP from the source for different platforms like Linux or Windows.
If building from PHP from the source code is too complicated for you, you may try a different alternative to use a class like \Random\Randomizer that emulates that class functions in the current PHP version that you are using.
Just try implementing the following functions using built-in PHP functions available in the PHP version you want to use.
Here is the definition of the class so that you can get started. If you implement this emulation class, share it on the PHP Classes site. It will certainly be very welcomed and undoubtedly innovative. This way, you can be a serious candidate to win the PHP innovation award of the month.
final class Random\Randomizer { /* Properties */ public readonly Random\Engine $engine; /* Methods */ public __construct(?Random\Engine $engine = null) public getBytes(int $length): string public getInt(int $min, int $max): int public nextInt(): int public pickArrayKeys(array $array, int $num): array public __serialize(): array public shuffleArray(array $array): array public shuffleBytes(string $bytes): string public __unserialize(array $data): void public function getBytesFromString(string $string, int $length): string {} public function nextFloat(): float {} public function getFloat( float $min, float $max, IntervalBoundary $boundary = IntervalBoundary::ClosedOpen ): float {} } enum IntervalBoundary { case ClosedOpen; case ClosedClosed; case OpenClosed; case OpenOpen; }
You need to be a registered user or login to post a comment
Login Immediately with your account on:
Comments:
No comments were submitted yet.