Newsgroups: php.internals
From: rowan.collins@gmail.com (Rowan Tommins)
To: internals@lists.php.net
Subject: Re: [PHP-DEV] Deprecating uniqid()
Date: Sun, 3 May 2020 13:57:15 +0100
Message-ID: <2ce8d735-b1d8-8c09-3b76-8d8176b1344a@gmail.com>
References: <9e3b1604-8d0a-9db4-aab6-e5f2198252f4@allenjb.me.uk>

On 03/05/2020 09:54, Jakob Givoni wrote:
> I'm using this function frequently, but I am ok with deprecating it as
> I think the name is dangerously misleading - basically, anything that
> mentions "unique" without saying to what, is a misnomer.
> However, as it's useful to have a function in core that gives you a
> random string with a fixed length that is unique within some
> well-defined boundaries, I'd like to be sure there is an easy
> replacement for the function when the time comes to upgrade php.
> Ideally something that is guaranteed to be unique within the current
> php process and takes the same arguments as uniqid.

I definitely think that all deprecations should come with clear guidance of either "use this instead" or "what you're doing is fundamentally wrong".

I'm not sure it needs to retain the same arguments, or even the same output format, though, just fit the same use cases. The prefix can be added trivially, and the "hex, dot, numeric" output of the "more entropy" version is not often particularly helpful.

A common suggestion is to use bin2hex(random_bytes($desired_length / 2)), which isn't particularly elegant, and in my experience, the main requirement is "a unique string of printable/alphanumeric characters", so limiting to [0-9a-f] is just limiting entropy for no reason.

I wonder if we could add a parameter to random_bytes, or an accompanying function, that would return only alphanumeric characters; or perhaps accept a range of characters to allow in some form.

Regards,

-- 
Rowan Tommins (né Collins)
[IMSoP]
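
The following is an added example, not part of the original message and not a PHP core API: a sketch of the kind of "accompanying function" the message asks for, beside the hex idiom it mentions. The names random_string(), random_hex() and entropy_bits() are hypothetical; the length 13 is chosen to match uniqid()'s default output length.

```php
<?php
declare(strict_types=1);

const ALNUM = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

/**
 * Hypothetical helper: $length characters drawn uniformly from $alphabet
 * with the CSPRNG, optionally prefixed the way uniqid($prefix) is.
 */
function random_string(int $length, string $alphabet = ALNUM, string $prefix = ''): string
{
    // De-duplicate so a repeated character is not weighted twice.
    $chars = array_values(array_unique(str_split($alphabet)));
    $n = count($chars);
    if ($length < 1 || $n < 2) {
        throw new InvalidArgumentException('need length >= 1 and >= 2 distinct characters');
    }
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is uniform over its range, so there is no modulo bias,
        // unlike ord(random_bytes(1)) % $n when $n does not divide 256.
        $out .= $chars[random_int(0, $n - 1)];
    }
    return $prefix . $out;
}

/** The hex idiom from the message, rounded up and trimmed so odd lengths work. */
function random_hex(int $length): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('length must be >= 1');
    }
    return substr(bin2hex(random_bytes(intdiv($length + 1, 2))), 0, $length);
}

/** Bits of entropy in a uniformly random string over an alphabet of the given size. */
function entropy_bits(int $length, int $alphabetSize): float
{
    return $length * log($alphabetSize, 2);
}

// Same printable length, different entropy: [0-9a-f] carries 4 bits per
// character, the 62-character alphanumeric set just under 6.
printf("hex   %s  %.1f bits\n", random_hex(13), entropy_bits(13, 16));
printf("alnum %s  %.1f bits\n", random_string(13), entropy_bits(13, strlen(ALNUM)));
printf("with prefix: %s\n", random_string(13, ALNUM, 'sess_'));
```

Like any random identifier, the result is unique only with a probability that depends on the entropy, so the length should be sized for the number of IDs expected.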