How to generate human-readable access codes?
Question
I am building an online-and-mailout ballot system in PHP/Laravel that requires an access token that is to be typed in by a person at some point, either the actual user or an administrator. As such, I would assume that the token would have to be generated and not traceable back to the original user via database dumps.
What would be the best way to generate such a code? I have looked at Hashids, but unsure if that would be a suitable solution, unless it is fine to use the ballot creation timestamp in seconds as a second value to use along with the ballot ID.
2 answers
solution1
0 2017-11-02 23:52:16
One of the Best and one of the fastest is:
$token = bin2hex(openssl_random_pseudo_bytes(int));
binary safe and cryptographically secure, but if You want get with length wanted, You must cut this and then You will get easer to hook token made only from 16 characters. If You want get human reliable string You must implement it by self and this is long way. I made something like this using cryptographically secure extensions SafeToken .
solution2
0 2017-11-03 00:34:18
Create a random byte array with a CSPRNG such as openssl_random_pseudo_bytes and then Base58 encode the result. This will give the shortest human usable character string for level of unique-ness.
Base58 a very human usable character set without easily confused characters. One example of this usage is Bitcoin.
Here is the character set:
123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.