Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:102102 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 46889 invoked from network); 11 May 2018 10:51:24 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 11 May 2018 10:51:24 -0000 Authentication-Results: pb1.pair.com header.from=arvids.godjuks@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=arvids.godjuks@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.176 as permitted sender) X-PHP-List-Original-Sender: arvids.godjuks@gmail.com X-Host-Fingerprint: 209.85.216.176 mail-qt0-f176.google.com Received: from [209.85.216.176] ([209.85.216.176:39373] helo=mail-qt0-f176.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 13/EB-47313-AA575FA5 for ; Fri, 11 May 2018 06:51:23 -0400 Received: by mail-qt0-f176.google.com with SMTP id f1-v6so6441339qtj.6 for ; Fri, 11 May 2018 03:51:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=TpyRXPHk87hSLvJZPAbqZCrJ6DaquMPitFfhaXSmSGE=; b=atbmMbBN96WS1WJPqt5oasSpkRV3SnJD0SopNjmHJo2BreDeFav5g5RT4mpQOxeo5c 9uQ1e5OrGJz2w03EClgyGIZdPnad8ASc2hOYBHMv8JntCyJY8zoHB/5K8ZOTXQM8dAzZ O0ZC0f7K1bL/gXpJTJ5X9xEspw0zLaZyH5VBTHLCh+8qu9JPTyzAZRCbsi3l1/kM8BqH fxA/f0GgUfThD+hTTiBXLKp9tDQVvGcana/vOCkHQWrfZEowTpmIU7YgTZso9KEWGoUy EdIe7ys2oH3AU2wVvIYzu2agiApEzjwoIuillQu48V0C/R6W9WX8fd+xw0UBd0dFaF2S BchA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=TpyRXPHk87hSLvJZPAbqZCrJ6DaquMPitFfhaXSmSGE=; b=tzRjha9QQm8Y7UgNn7+B8ihXUotvlH+EgEER8AwrwdENYqG90nddfpMjGzpyPL619C eoBdhc2xQKdUzHp1KTmJD6xeC3Xsh7glAiUtdLBSw54Lu5qdv2FW4yUkV6KmXhxg7I3C /2sjSXFIRpZxr7pfLuf5QjrISmMHHXXfvnbgW4tvGz9dTY4+BY0eBZ3F3h7tK9kVQlJ0 X6/oGXH0BohyS6pzAoxXKPQuzdeOpnjCH1b5qoVGYOIajtF3fEUjH/Loh7XRYN956jdA 4WIrgoH5gVdBK2fJjC2gXnVP6hyQGux14I5L87pNhgarUXF4knItA6uC37PsLAlSUrgp vz+A== X-Gm-Message-State: ALKqPwdrgEdqc5SUTbiRcOdNkMjQbQYxyrSfEZNa38sOlJFOLczNr4ax jgrozHQZJfs9aQVILljsTzE4ZUib3cxugG7g81GIjA== X-Google-Smtp-Source: AB8JxZqQ6gIo7ZrPTIQZwIx89O9i6XUObDWDNyITfM/E16dtb/FU/3NZ5jJ2soOG6vl5ciGDlMlcCaNFy/rMOw27XV0= X-Received: by 2002:a0c:aa19:: with SMTP id d25-v6mr4581847qvb.155.1526035879731; Fri, 11 May 2018 03:51:19 -0700 (PDT) MIME-Version: 1.0 Received: by 10.12.241.20 with HTTP; Fri, 11 May 2018 03:50:49 -0700 (PDT) In-Reply-To: References: Date: Fri, 11 May 2018 12:50:49 +0200 Message-ID: To: Alice Wonder Cc: PHP internals Content-Type: multipart/alternative; boundary="00000000000086a5b1056bebea8c" Subject: Re: [PHP-DEV] [RFC] Deprecation of uniqid() From: arvids.godjuks@gmail.com (Arvids Godjuks) --00000000000086a5b1056bebea8c Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable 2018-05-11 12:36 GMT+02:00 Alice Wonder : > On 05/11/2018 01:59 AM, Arvids Godjuks wrote: > >> 2018-05-10 16:33 GMT+02:00 Niklas Keller : >> >> Hey, >>> >>> I hereby propose to deprecate uniqid(). There have been attempts to fix >>> it >>> ( >>> https://wiki.php.net/rfc/uniqid), but those were rejected during >>> discussion, because there's no possible fix without breaking BC. Instea= d >>> of >>> a subtle BC break, this RFC favors the deprecation and moving users to >>> other functions. >>> >>> It's to be discussed whether the function should be removed with PHP 8.= 0 >>> or >>> just deprecated to avoid fully breaking things where it's not strictly >>> necessary. A deprecation will probably avoid most new usages, which is >>> the >>> main goal. >>> >>> RFC: https://wiki.php.net/rfc/deprecate-uniqid >>> >>> Kind Regards, >>> Niklas >>> >>> -- >>> PHP Internals - PHP Runtime Development Mailing List >>> To unsubscribe, visit: http://www.php.net/unsub.php >>> >>> >>> Hello, >> >> as a userland user of this function I do disagree with it's outright >> removal. It has it's uses. >> What can be done with it is drop the $more_entropy flag and make it >> generate at least as long strings and use random_bytes under the hood fo= r >> a >> better random. >> It can also adopt a length parameter so you can vary the random part as >> much as you need it. >> >> You don't always need a truly random token - I have a system that uses >> uniqid to generate tens of thousands tokens per request and it's actuall= y >> a >> good thing they are time based at the start of it with a random part at >> the >> end (as I said the random part should be improved and get rid of that >> stupid dot when generating with $more_entropy =3D true). >> >> > It seems to me that for your use case, you could just use the time() > function to get part of your unique id and then use libsodium to generate= d > a nonce for the "random" part, using sodium's function for increment the > nonce between each use. > > Predictable, sure, but your use case says they don't need to be a truly > random token - just unique (essentially a non-random nonce) but with a ti= me > component. > > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > Hello Alice, Sure, there is lots I can do about that project, including what you have described. One thing though - client does not need it or want it or want's to pay for that work. That whole project is a poster child for a "side project on a bare minimum, but done by a competent developer instead of a student so it actually works in the long run" --=20 Arv=C4=ABds Godjuks +371 26 851 664 arvids.godjuks@gmail.com Skype: psihius Telegram: @psihius https://t.me/psihius --00000000000086a5b1056bebea8c--