I have some code I am using
function genCode ($entropy=1) {
$truCde = "";
$indx = 0;
$leng = 30*$entropy;
while ($indx < $leng) {
$code = "";
$length = 100*$entropy;
$index = 0;
while ($index < $length) {
$code .= rand();
$index++;
}
$index = 0;
while ($index < $length) {
$code = sha1($code);
$index++;
}
$truCde .= $code;
$indx++;
}
$finalCode = sha1(rand()) . hash("sha256",$truCde . md5($entropy*rand()));
$finalCode .= sha1(md5(strlen($finalCode)*$entropy));
return hash (
"sha256",
sha1($finalCode) . sha1(md5($finalCode)) . sha1(sha1($finalCode))
);
}
to generate a random code for e-mail verification. Is there code that takes less time to generate random codes. It takes about 1-2 seconds to run this code, but I am looking to shave .7 seconds off this because the rest of the script will take longer.
That’s massive overkill. Calling
rand()repeatedly isn’t going to make the code “more random”, nor will using random combinations of SHA and MD5 hashes. None of that complexity improves the verification codes.An improvement that would make a difference would be to use
mt_rand()in preference torand(). The Mersenne Twister pseudo RNG is much stronger than most defaultrand()implementations. The PHP documentation hints thatrand()may max out at 215 meaning you can only generate 32,768 unique verification codes.Other than that, a single hash call will do.
(You don’t even really need to call a hash function as the unpredictability of your codes will come from the random number generator, not the hash function. But hash functions have the nice side effect of creating long hex strings which “look” better.)