8  

You can use PHP's built-in hashing functions, sha1 and md5. Choose one, not both.

您可以使用PHP的内置散列函数sha1和md5。选择一个,而不是两个。

One may think that using both, sha1(md5($pass)) would be a solution. Using both does not make your password more secure, its causes redundant data and does not make much sense.

有人可能会认为使用这两种方法，sha1(md5($pass))将是一个解决方案。使用这两种方法不会使您的密码更加安全，它会导致冗余数据，并且没有多大意义。

Take a look at PHP Security Consortium: Password Hashing they give a good article with weaknesses and improving security with hashing.

让我们来看看PHP安全联盟:密码哈希:他们提供了一篇有弱点的好文章，并改进了哈希的安全性。

Nonce stands for "numbers used once". They are used on requests to prevent unauthorized access, they send a secret key and check the key each time your code is used.

Nonce表示“用过一次的数字”。它们用于请求，以防止未经授权的访问，它们发送一个秘密密钥，并在每次使用代码时检查密钥。

You can check out more at PHP NONCE Library from FullThrottle Development

您可以在PHP NONCE库中详细了解FullThrottle Development

63  

bin2hex(mcrypt_create_iv(22, MCRYPT_DEV_URANDOM));

1. mcrypt_create_iv will give you a random sequence of bytes.
2. mcrypt_create_iv将提供一个随机的字节序列。
3. bin2hex will convert it to ASCII text
4. bin2hex将它转换为ASCII文本

Example output:

示例输出:

d2c63a605ae27c13e43e26fe2c97a36c4556846dd3ef

Bare in mind that "best" is a relative term. You have a tradeoff to make between security, uniqueness and speed. The above example is good for 99% of the cases, though if you are dealing with a particularly sensitive data, you might want to read about the difference between MCRYPT_DEV_URANDOM and MCRYPT_DEV_RANDOM.

记住“最佳”是一个相对的名词。您需要在安全性、惟一性和速度之间进行权衡。上面的示例适用于99%的情况，但是如果您正在处理一个特别敏感的数据，您可能希望了解MCRYPT_DEV_URANDOM和MCRYPT_DEV_RANDOM之间的区别。

Finally, there is a RandomLib "for generating random numbers and strings of various strengths".

最后，还有一个随机库“用于生成各种强度的随机数和字符串”。

Notice that so far I have assumed that you are looking to generate a random string, which is not the same as deriving a hash from a value. For the latter, refer to password_hash.

注意，到目前为止，我假设您正在生成一个随机字符串，这与从值派生散列是不同的。对于后者，请参考password_hash。

9  

Maybe uniqid() is what you need?

也许您需要uniqid() ?

uniqid — Generate a unique ID

uniqid -生成唯一的ID

7  

random_bytes() is available as of PHP 7.0 (or use this polyfill for 5.2 through 5.6):

random_bytes()在PHP 7.0中可用(或者在5.2到5.6中使用此polyfill):

$hash = bin2hex(random_bytes(16));
echo serialize($hash);

Output:

输出:

s:32:"c8b2ca837488ff779753f374545b603c";

s:32:“c8b2ca837488ff779753f374545b603c”;

5  

You can use openssl_random_pseudo_bytes since php 5.3.0 to generate a pseudo random string of bytes. You can use this function and convert it in some way to string using one of these methods:

从php 5.3.0开始，您可以使用openssl_random_pseudo_bytes来生成一个伪随机字节字符串。您可以使用此函数并以某种方式将其转换为字符串，使用以下方法之一:

$bytes = openssl_random_pseudo_bytes(32);
$hash = base64_encode($bytes);

or

或

$bytes = openssl_random_pseudo_bytes(32);
$hash = bin2hex($bytes);

The first one will generate the shortest string, with numbers, lowercase, uppercase and some special characters (=, +, /). The second alternative will generate hexadecimal numbers (0-9, a-f)

第一个将生成最短的字符串，包含数字、小写、大写和一些特殊字符(=、+、/)。第二个选项将生成十六进制数字(0-9,a-f)

1  

Use random_bytes() if it's available!

如果可以使用random_bytes() !

$length = 32;

长度= 32美元;

if (function_exists("random_bytes")) {
    $bytes = random_bytes(ceil($lenght / 2));
    $token = substr(bin2hex($bytes), 0, $lenght)
}

Check it on php.net

在php.net上检查它

0  

I personally use apache's mod_unique_id to generate a random unique number to store my sessions. It's really easy to use (if you use apache).

我个人使用apache的mod_unique_id来生成一个随机的唯一数字来存储我的会话。它非常容易使用(如果您使用apache)。

For nonce take a look here http://en.wikipedia.org/wiki/Cryptographic_nonce there's even a link to a PHP library.

nonce看一下http://en.wikipedia.org/wiki/Cryptographic_nonce甚至还有一个PHP库的链接。

0  

I generally dont manually manage session ids. Ive seen something along these lines recommended for mixing things up a bit before, ive never used myself so i cant attest to it being any better or worse than the default (Note this is for use with autogen not with manual management).

我通常不手动管理会话id。我以前见过一些关于混合的建议，我从来没有使用过我自己，所以我不能证明它比默认的更好或更差(注意这是用于autogen而不是手动管理)。

//md5 "emulation" using sha1
ini_set('session.hash_function', 1);
ini_set('session.hash_bits_per_character', 5);

-3  

Different people will have different best ways. But this is my way:

不同的人会有不同的最佳方式。但这是我的方式:

1. Download this rand-hash.php file : http://bit.ly/random-string-generator
2. 下载这个rand-hash。php文件:http://bit.ly/random-string-generator
3. include() it in the php script that you are working with. Then, simply call cc_rand() function. By default it will return a 6 characters long random string that may include a-z, A-Z, and 0-9. You can pass length to specify how many characters cc_rand() should return.
4. 在正在使用的php脚本中包含()。然后，只需调用cc_rand()函数。默认情况下，它将返回一个包含a-z、a-z和0-9的6个字符长的随机字符串。您可以传递长度来指定cc_rand()应该返回多少字符。

Example:

例子:

1. cc_rand() will return something like: 4M8iro

   cc_rand()将返回如下内容:4M8iro。

2. cc_rand(15) will return something similar to this: S4cDK0L34hRIqAS

   cc_rand(15)将返回类似的内容:S4cDK0L34hRIqAS

Cheers!

干杯!