1 00:00:00,008 --> 00:00:02,290 What is C-spring? 2 00:00:02,290 --> 00:00:06,240 Cryptographically secure pseudorandom number generator. 3 00:00:06,240 --> 00:00:09,080 A secure way of generating random data. 4 00:00:09,080 --> 00:00:13,720 There are random number generators in PHP, RAN for instance. 5 00:00:13,720 --> 00:00:17,470 But none of the options in version five are very secure. 6 00:00:17,470 --> 00:00:22,440 In PHP seven, they put together a system interface to the operating systems 7 00:00:22,440 --> 00:00:24,400 random number generator. 8 00:00:24,400 --> 00:00:28,760 Because we can now use the operating system's random number generator, 9 00:00:28,760 --> 00:00:31,550 if that gets hacked, we have bigger problems. 10 00:00:31,550 --> 00:00:34,940 It probably means your entire system is compromised, and 11 00:00:34,940 --> 00:00:36,840 there's a flaw in your operating system itself. 12 00:00:38,070 --> 00:00:43,120 Secure random numbers are especially useful when generating random passwords or 13 00:00:43,120 --> 00:00:44,044 password. 14 00:00:45,810 --> 00:00:48,160 What does this look like for you as a developer? 15 00:00:48,160 --> 00:00:53,386 You now have two new functions to use, random int and random bytes. 16 00:00:53,386 --> 00:00:58,990 When using random_bytes you supply a single argument link, 17 00:00:58,990 --> 00:01:03,245 which is the link of the random string, that should be returned it bytes. 18 00:01:03,245 --> 00:01:06,740 random_bytes then returns a string 19 00:01:06,740 --> 00:01:10,850 containing the requested number of cryptographically secure random bytes. 20 00:01:11,960 --> 00:01:15,380 If we combine this with something like bin2hex, 21 00:01:15,380 --> 00:01:18,750 we can get the hexadecimal representation. 22 00:01:18,750 --> 00:01:21,340 These are bytes, not integers. 23 00:01:21,340 --> 00:01:24,730 If you are looking to return a random number, or 24 00:01:24,730 --> 00:01:28,397 integer, you should use the random_int function. 25 00:01:28,397 --> 00:01:34,600 When using random_int, you supply two arguments, min and max. 26 00:01:34,600 --> 00:01:38,005 This is the minimum and maximum numbers you want to use. 27 00:01:38,005 --> 00:01:45,362 For example, random_int(1,20) would return a random number between 1 and 28 00:01:45,362 --> 00:01:49,720 20, including the possibility of 1 and 20. 29 00:01:51,140 --> 00:01:53,860 Some random errors and exceptions to note. 30 00:01:53,860 --> 00:02:00,270 Min and max must be between the system setting of PHP_INT_MIN and PHP_INT_MAX. 31 00:02:00,270 --> 00:02:03,830 If an appropriate source of randomness cannot be found, 32 00:02:03,830 --> 00:02:05,050 an exception will be thrown. 33 00:02:06,380 --> 00:02:10,930 If invalid parameters are given, a TypeError will be thrown. 34 00:02:10,930 --> 00:02:14,330 If max is less than min, an Error will also be thrown. 35 00:02:15,800 --> 00:02:19,990 Although this isn't really a gotcha, if you are using the ran function for 36 00:02:19,990 --> 00:02:25,110 anything even remotely secure, you'll want to change that ran function to randomint.