PHP Script to generate a random salt

Random NumbersThere are many times and circumstances in your programming that you may need to write and generate a random salt.  This may be include:

  • Creating passwords for users
  • Coupon codes
  • Random identification strings

When this is needed, many programming languages have a default random function of some kind.  For example, in PHP you have RAND which you can pass two arguments, a low number and a high number and it will pick a random one for you.

What do you do then if you want to generate a random string using letters and numbers.  Maybe you want to use both upper and lower case numbers.  Maybe you want to exclude numbers that look similar such as the number 0 and letter O, which would be handy in generating coupon codes so that users do not mix them up.

Below is a handy PHP script that allows you create a random salt.  Several options are available to make the routine more powerful and customizable.

 * Generates a salt based on optional input
 * @param int $length Optional, max length of for the salt
 * @param string $key Optional, a prefix to use in the generated salt
 * @param bool $caseSensitive Optional, if true will add lower case letters into the salt
 * @param bool $removeSimilar Optional, if true will not use characters that look similar such as 0 and O.
 * @return string A salt
 public static function generateSalt($length = 10, $key = '', $caseSensitive = true, $removeSimilar = true) {
   // Build the list of letters and numbers to choose from
   $chars = '';   

   // Start with numbers and capital letters, if removing similar items then don't include i's and 1's etc...
   if ($removeSimilar) {
     $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ' . '23456789';
     $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . '0123456789';
   // If case sensitive is allowed then add lower case letters.
   if ($caseSensitive) {
     if ($removeSimilar) {
       $chars .= 'abcdefghjkmnpqrstuvwxyz';
       $chars .= 'abcdefghijklmnopqrstuvwxyz';

   // Start with the user based prefix key if passed
   $salt = $key;
   // Helper var for the calculation
   $max = (strlen($chars) - 1);

   // Build the random string
   $num = file_get_contents('/dev/urandom', 0, null, -1, $length);
   for ($i = 0; $i < $length; $i++) {
     $salt .= $chars[(ord($num[$i]) % ($max + 1))];

   // Return the randomize string
   return $salt;

Let’s look at some of the options.

First is the LENGTH param.  Using this param you can specify the length of the random string that is generated.

Next is the KEY param.  If desired, you can pass a string to be placed at the front of the salt.  this can be useful if you want to group a collection of random strings together by another identification string.

Next is the CASE SENSITIVE param.  If true, then character case will be respected so that “a” is not the same as “A”.

Next is the REMOVE SIMILAR param. If true, then characters and numbers that look similar, such a 0 and O are not included in the possible outcome.  This is especially helpful if the generated salt will be printed or displayed to a user, such as in a coupon code based system.

Posted in , , and tagged , .