CPRNG

[benanamen]

I know @Jaques1 has provided an answer somewhere but I couldn't find it. I think it was with mcrypt_create_iv

 

 

 I want to generate a CPRNG to use as an API key. This will also be used as a unique account id (I think).

 

 

Account Usage:

• An instructor will register a new account and is automatically Super Admin of that account (Account Owner)
• Account owner can add other instructors to his account who can also optionally be super admins of that account (Sub Instructors).

• Sub Instructor super admins cannot delete the account owner.
• Sub Instructor super admins can create other instructors, optionally as super admin or not a super admin

 

Only other user type is a student/examinee. I am thinking there should be one users table and use RBAC,

 

Any suggestions on the table(s) setup or other comments? (This is for an enterprise exam application, my pet project for learning)

 

 

 

 

Edited March 7, 2016 by benanamen

[requinix]

mcrypt_create_iv() and openssl_random_pseudo_bytes() can both do it. Unless Jacques says something, in which case I won't come back in here.

[Jacques1]

I would use the new random_bytes() function. If you don't have PHP 7 yet, you can plug in a compatiblity library for the time being.

 

There's nothing inherently wrong with Mcrypt or OpenSSL, but relying on a single low-level extension can be problematic: None of them is available on all systems, and the Mcrypt extension is actually dying (the original library has been unmaintained for almost 10 years, and the PHP core developers already considered removing ext/mcrypt).

 

The permission model sounds confusing, but you should probably create a separate thread for that.