Chryptography-safe alphanumeric string

How to have a [0-9a-zA-Z] chryptography-safe string? I could use random_bytes() function but then bin2hex is only [0-9a-f].

no string is cryptographically secure.

cryptographically secure refers to the procedure of generation, not to the result.

Why would you be hex’ing the string?

2 Likes

Closest thing you’d be able to do is effectively base64 the bytes, but then discard any / 's and +'s

1 Like

The return value of random_bytes is a binary string. You need to use bin2hex to convert it to ASCII

Each binary byte will be 2 hex. How would be base64? Each binary byte is how many base64 characters?

I’m having trouble with “binary byte”.

My understanding is that essentially everything boils down to a whole lot of “on - off”, “true - false”, “zero - one”, “open - closed” bits - i.e. binary circuitry switches.

I admit I can struggle with base ten math at times so no guarantees this is correct, but if base 64 is expressed not with 0-1A-z etc. but with only zeroes and ones - binary
2 x 2 x 2 x 2 x 2 x 2 = 64
or 000000 to 111111 bits are needed

A byte is 8 bits, i.e. in binary, 8 places
or 00000000 to 11111111

Anyway, hopefully that helps some. Sorry if I’m totally off-topic out in left field.

Isn’t Base64 roughly 33% bigger than “normal” data? So 2 bytes of data take 3 bytes when Base64-encoded.

You said “I want a string made up of 0-9a-zA-z”
thats 62 possible characters.

You said you were making them from bytes, so you need a power-of-2 number of bits to form the characters in the set. Using Price is Right rules, that number must be 64. 8 bits in a byte is 256; 6 bits from the byte can be formed into a character in base64. You will need 4 random bytes for every 5 characters in your string if you use it as a bit stream.