public static method

Generates random bytes for use in UUIDs and password salts, using (when available) a cryptographically strong random number generator.

$bits = String::random(8); // 64 bits
$hex = bin2hex($bits); // [0-9a-f]+

Optionally base64-encodes the resulting random string per the following. The alphabet used by base64_encode() is different than the one we should be using. When considering the meaty part of the resulting string, however, a bijection allows to go the from one to another. Given that we're working on random bytes, we can use safely use base64_encode() without losing any entropy.


  • integer $bytes

    The number of random bytes to generate.

  • array $options

    The options used when generating random bytes:

    • 'encode' integer: If specified, and set to String::ENCODE_BASE_64, the resulting value will be base64-encoded, per the notes above.



Returns a string of random bytes.


	public static function random($bytes, array $options = array()) {
		$defaults = array('encode' => null);
		$options += $defaults;

		$source = static::$_source ?: static::_source();
		$result = $source($bytes);

		if ($options['encode'] !== static::ENCODE_BASE_64) {
			return $result;
		return strtr(rtrim(base64_encode($result), '='), '+', '.');