Download the PHP package paragonie/random_compat without Composer

On this page you can find all versions of the php package paragonie/random_compat. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.


After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package random_compat


Build Status Scrutinizer Latest Stable Version Latest Unstable Version License Downloads

PHP 5.x polyfill for random_bytes() and random_int() created and maintained by Paragon Initiative Enterprises.

Although this library should function in earlier versions of PHP, we will only consider issues relevant to supported PHP versions. If you are using an unsupported version of PHP, please upgrade as soon as possible.


Although this library has been examined by some security experts in the PHP community, there will always be a chance that we overlooked something. Please ask your favorite trusted hackers to hammer it for implementation errors and bugs before even thinking about deploying it in production.

Do not use the master branch, use a stable release.

For the background of this library, please refer to our blog post on Generating Random Integers and Strings in PHP.

Usability Notice

If PHP cannot safely generate random data, this library will throw an Exception. It will never fall back to insecure random data. If this keeps happening, upgrade to a newer version of PHP immediately.


With Composer:

# For libraries and frameworks that support PHP 5 but may be used by
# other software that only supports PHP 7:
composer require paragonie/random_compat:\>=2

# For software that explicitly needs PHP 5 support:
composer require paragonie/random_compat:\<9.99

Signed PHP Archive:

As of version 1.2.0, we also ship an ECDSA-signed PHP Archive with each stable release on Github.

  1. Download the .phar, .phar.pubkey, and .phar.pubkey.asc files.
  2. (Recommended but not required) Verify the PGP signature of .phar.pubkey (contained within the .asc file) using the PGP public key for Paragon Initiative Enterprises.
  3. Extract both .phar and .phar.pubkey files to the same directory.
  4. require_once "/path/to/random_compat.phar";
  5. When a new version is released, you only need to replace the .phar file; the .pubkey will not change (unless our signing key is ever compromised).

Manual Installation:

  1. Download a stable release.
  2. Extract the files into your project.
  3. require_once "/path/to/random_compat/lib/random.php";

The entrypoint should be lib/random.php directly, not any of the other files in /lib.


This library exposes the CSPRNG functions added in PHP 7 for use in PHP 5 projects. Their behavior should be identical.

Generate a string of random bytes

Generate a random integer between two given integers (inclusive)

Exception handling

When handling exceptions and errors you must account for differences between PHP 5 and PHP7.

The differences:

Our recommendation

Always catch Error before Exception.



Exception: "Could not gather sufficient random data"

If an Exception is thrown, then your operating system is not secure.

  1. If you're on Windows, make sure you enable mcrypt.
  2. If you're on any other OS, make sure /dev/urandom is readable.
    • FreeBSD jails need to expose /dev/urandom from the host OS
    • If you use open_basedir, make sure /dev/urandom is allowed

This library does not (and will not accept any patches to) fall back to an insecure random number generator.

Version Conflict with [Other PHP Project]

If you're using a project that has a line like this in its composer.json

"require" {
    "paragonie/random_compat": "~1.1",

...and then you try to add random_compat 2 (or another library that explicitly requires random_compat 2, such as this secure PHP encryption library), you will get a version conflict.

The solution is to get the project to update its requirement string to allow version 2 and above to be used instead of hard-locking users to version 1.

Version 9.99.99

Note: There is a special version called 9.99.99 which makes this library do nothing, but is only installable on PHP 7.

If you're writing software (e.g. a library) that supports PHP 5, but may be used by software that doesn't, you'll want to allow 9.99.99 to be installed. The above diff is what you want.

Conversely, if you're writing software that (in and of itself) supports PHP 5, you do not want 9.99.99 to be installed, so you'll want to make this change instead:

To avoid installing "empty" version 9.99.99 you can add replace section in your root composer.json:

"replace": {
    "paragonie/random_compat": "9.99.99"

Manifest Read Length Error

If you're using the PHP Archive (Phar) approach rather than Composer, and you are getting an error message to the effect of "manifest read length was {int1} should be {int2}", the Phar extension may not be enabled.

See this comment for specific guidance on how to fix this issue.


This project would not be anywhere near as excellent as it is today if it weren't for the contributions of the following individuals:

Support Contracts

If your company uses this library in their products or services, you may be interested in purchasing a support contract from Paragon Initiative Enterprises.

All versions of random_compat with dependencies

PHP Build Version
Package Version
Requires php Version >=5.2.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package paragonie/random_compat contains the following files

Loading the files please wait ....