Skip to content
A library for generating random numbers and strings
PHP Makefile
Branch: master
Clone or download
Latest commit e9e0204 Sep 7, 2016
Type Name Latest commit message Commit time
Failed to load latest commit information.
lib/RandomLib Fix 5.3 build Sep 7, 2016
test Add xor mixer, as well as fix build for libsodium supported versions Sep 7, 2016
.gitignore Update Composer settings Feb 17, 2016
.php_cs Some minor refactoring, fixing bug relating to string lengths with mb… Sep 7, 2016
.scrutinizer.yml added Scrutinizer config, restricting to lib/ Jan 23, 2015
.travis.yml Fix 5.3 build Sep 7, 2016
Makefile Some minor refactoring, fixing bug relating to string lengths with mb… Sep 7, 2016 Add travis build status to readme Sep 7, 2016
composer.json Some minor refactoring, fixing bug relating to string lengths with mb… Sep 7, 2016
phpunit.xml.dist Initial commit of random support Feb 13, 2013


Build Status

A library for generating random numbers and strings of various strengths.

This library is useful in security contexts.


Via Composer

$ composer require ircmaxell/random-lib



A factory is used to get generators of varying strength:

$factory = new RandomLib\Factory;
$generator = $factory->getGenerator(new SecurityLib\Strength(SecurityLib\Strength::MEDIUM));

A factory can be configured with additional mixers and sources but can be used out of the box to create both medium and low strength generators.

Convenience methods are provided for creating high, medium, and low strength generators. Example:

$generator = $factory->getMediumStrengthGenerator();


Convenience method to get a low strength random number generator.

Low Strength should be used anywhere that random strings are needed in a non-cryptographical setting. They are not strong enough to be used as keys or salts. They are however useful for one-time use tokens.


Convenience method to get a medium strength random number generator.

Medium Strength should be used for most needs of a cryptographic nature. They are strong enough to be used as keys and salts. However, they do take some time and resources to generate, so they should not be over-used


Convenience method to get a high strength random number generator.

High Strength keys should ONLY be used for generating extremely strong cryptographic keys. Generating them is very resource intensive and may take several minutes or more depending on the requested size.

There are currently no mixers shipped with this package that are capable of creating a high space generator. This will not work out of the box!


A generator is used to generate random numbers and strings.


// Generate a random string that is 32 bytes in length.
$bytes = $generator->generate(32);

// Generate a whole number between 5 and 15.
$randomInt = $generator->generateInt(5, 15);

// Generate a 32 character string that only contains the letters
// 'a', 'b', 'c', 'd', 'e', and 'f'.
$randomString = $generator->generateString(32, 'abcdef');


Generate a random byte string of the requested size.

$generator->generateInt($min = 0, $max = PHP_INT_MAX)

Generate a random integer with the given range. If range ($max - $min) is zero, $max will be used.

$generator->generateString($length, $characters = '')

Generate a random string of specified length.

This uses the supplied character list for generating the new result string. The list of characters should be specified as a string containing each allowed character.

If no character list is specified, the following list of characters is used:



// Give the character list 'abcdef':
print $generator->generateString(32, 'abcdef')."\n";

// One would expect to receive output that only contained those
// characters:
// adaeabecfbddcdaeedaedfbbcdccccfe
// adfbfdbfddadbfcbbefebcacbefafffa
// ceeadbcabecbccacdcaabbdccfadbafe
// abadcffabdcacdbcbafcaecabafcdbbf
// dbdbddacdeaceabfaefcbfafebcacdca




If you have questions or want to help out, join us in the channel on

Security Vulnerabilities

If you have found a security issue, please contact the author directly at

You can’t perform that action at this time.