PHP 7, PHP 8
random_bytes - Generates cryptographically secure pseudo-random bytes

random_bytes( int$length ): string

Generates an arbitrary length string of cryptographic random bytes that are suitable for cryptographic use, such as when generating salts, keys or initialization vectors.

The sources of randomness used for this function are as follows:

On Windows, CryptGenRandom will always be used. As of PHP 7.2.0, the CNG-API will always be used instead.

On Linux, the getrandom(2) syscall will be used if available.

On other platforms, /dev/urandom will be used.

If none of the aforementioned sources are available, then an Exception will be thrown.


Although this function was added to PHP in PHP 7.0, a userland implementation is available for PHP 5.2 to 5.6, inclusive.



The length of the random string that should be returned in bytes.

Return Values

Returns a string containing the requested number of cryptographically secure random bytes.

Exceptions and Errors

If an appropriate source of randomness cannot be found, an Exception will be thrown.

If invalid parameters are given, a TypeError will be thrown.

If an invalid length of bytes is given, an Error will be thrown.

Related Functions

Example of random_bytes

Show all examples for random_bytes

PHP Version:

Function random_bytes:

CSPRNG Functions

Most used PHP functions