I have been following information on SO about generating random strings using
Although I imagine each PHP cryptography extension would provide its own version of a function to generate random data, like they currently do:
random_bytes()is better than it)
That is simply because any cryptography API would be incomplete without access to a CSPRNG. In fact,
mcrypt_create_iv() was added by the PHP developers for that same reason, while it is otherwise not part of libmcrypt.
I only use it for safe/retrievel of a unique string.
"Random" doesn't mean "unique". The former needs to be unpredictable, while the latter has to be unrepeatable.
It is true that the chances of a collision decrease exponentially with each random byte you add to a string, uniqueness is never 100% guaranteed.