PHP Function Random_Int
Generating random numbers is an essential part of any programming project. Whether you are building an arcade game or a security program, you are going to need some method for generating random data. While there are many methods for doing this in PHP, one of the best is the PHP function random_int. This function uses a cryptographically secure pseudo-random number generator to generate random integers for use in applications that require unbiased results.
When using the PHP random_int function, you can specify an optional min and max value that will limit the generated random number to these values. If no min and max are provided, the function will return a random number between 0 and getrandmax().
The PHP function random_int uses the CSPRNG (Cryptographically Secure Pseudo-Random Number Generator), which is seeded with an initial random value and generates random numbers based on the Mersenne Twister algorithm. In all cases where unbiased results are required, this function is recommended over the rand() function, which is not cryptographically secure. This function also throws an Exception if it cannot yield sufficient randomness, and it does not fall back to any insecure RNG sources like rand() does.
As of PHP 7.1.0, the rand() function has been an alias for the mt_rand() function, which is said to be four times faster than the old function and to produce more random integers that are harder to guess. This is not a good tradeoff for security. Leaking the internal state or seed of a PRNG to attackers allows them to predict future output from that PRNG, which violates the Defense in Depth principle.
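
The two behaviours described above, as an added example that is not part of the original page: a token built on mt_rand() is fully reproduced by anyone who knows the seed, while a token built on random_int() either succeeds or throws, and the caller fails closed. The helper names `secure_token` and `mt_token`, the alphabet and the seed are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the page): build a token by drawing each
// character index directly from random_int() over the range [0, last].
function secure_token(int $length, string $alphabet): string
{
    $last = strlen($alphabet) - 1;
    if ($length < 1 || $last < 1) {
        throw new InvalidArgumentException('need length >= 1 and an alphabet of >= 2 chars');
    }
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        // No modulo reduction, so no bias toward the start of the alphabet.
        $token .= $alphabet[random_int(0, $last)];
    }
    return $token;
}

// Hypothetical helper: the same construction on mt_rand(). Its output is
// completely determined by the seed passed to mt_srand().
function mt_token(int $seed, int $length, string $alphabet): string
{
    mt_srand($seed);
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, strlen($alphabet) - 1)];
    }
    return $token;
}

$alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // constructed sample alphabet
$seed = 12345;                                  // constructed sample seed

// Two independent runs with the same seed yield the identical "random" token.
var_dump(mt_token($seed, 16, $alphabet) === mt_token($seed, 16, $alphabet));

try {
    echo secure_token(16, $alphabet), PHP_EOL;
} catch (Exception $e) {
    // With valid arguments, an exception here means random_int() could not
    // obtain enough randomness. Fail closed: never substitute rand()/mt_rand().
    error_log('token generation failed: ' . $e->getMessage());
    exit(1);
}
```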