Chryptography-safe alphanumeric string

How to have a [0-9a-zA-Z] chryptography-safe string? I could use random_bytes() function but then bin2hex is only [0-9a-f].

no string is cryptographically secure.

cryptographically secure refers to the procedure of generation, not to the result.

Why would you be hex’ing the string?


Closest thing you’d be able to do is effectively base64 the bytes, but then discard any / 's and +'s

1 Like

The return value of random_bytes is a binary string. You need to use bin2hex to convert it to ASCII

Each binary byte will be 2 hex. How would be base64? Each binary byte is how many base64 characters?

I’m having trouble with “binary byte”.

My understanding is that essentially everything boils down to a whole lot of “on - off”, “true - false”, “zero - one”, “open - closed” bits - i.e. binary circuitry switches.

I admit I can struggle with base ten math at times so no guarantees this is correct, but if base 64 is expressed not with 0-1A-z etc. but with only zeroes and ones - binary
2 x 2 x 2 x 2 x 2 x 2 = 64
or 000000 to 111111 bits are needed

A byte is 8 bits, i.e. in binary, 8 places
or 00000000 to 11111111

Anyway, hopefully that helps some. Sorry if I’m totally off-topic out in left field.

Isn’t Base64 roughly 33% bigger than “normal” data? So 2 bytes of data take 3 bytes when Base64-encoded.

You said “I want a string made up of 0-9a-zA-z”
thats 62 possible characters.

You said you were making them from bytes, so you need a power-of-2 number of bits to form the characters in the set. Using Price is Right rules, that number must be 64. 8 bits in a byte is 256; 6 bits from the byte can be formed into a character in base64. You will need 4 random bytes for every 5 characters in your string if you use it as a bit stream.