How right to generate API key
-
How is it right to generate API key in PHP? What's the best thing that's preferable to different tasks, to use generation techniques?
-
As long as the question is formulated in a very general way, I will also report in a general way.
When the key is generated, it must be determined with its length, alphabet and structure.
- The length shall ensure the uniqueness of the key to each holder. For example, if you expect the keys to be grad1000, naturally you can't make it three digits. Choose the length also on the key storage site. In addition, if protection against bulkheads is required, a sufficient amount of information noise will be added;
- Alphabet is a set of symbols that you will use in the final string of the key (e.g. numerals or numerals and Latin letters). The most simple way would be to use the sixteenth figures, since the transformation of any binary line into the sixteenth type is a trivial task in any programming language;
- The structure is the existence or absence of means and fields to verify the key ' s validity without searching the base (sometimes may be useful), the presence of symbols separating the key to the group (as in the license keys of some PA manufacturers).
As a source of an accidental line, I recommend that a suitable piece of the device be counted.
/dev/randomor/dev/urandom, after it can be further hurled with cryptographic hexafucation and issued as a sixteenth line
