Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:109984
To: Ben Ramsey <ben@benramsey.com>, PHP internals <internals@lists.php.net>
References: <9e3b1604-8d0a-9db4-aab6-e5f2198252f4@allenjb.me.uk>
 <C4580849-BC5B-45CA-9B57-56CB63B3F8F0@benramsey.com>
Autocrypt: addr=andreas@heigl.org; keydata=
 xsFNBFzEA7MBEACpvo0AbmZG6lUGMvDUebQcYVjOPrdqtnlb2WoZH9FrJyHyenzejO29VCju
 ekdhu44sUNgEHXxExUekguLDGZOzC9926g2rGDWO3MU1oqRlKURnOWsp/i0d9WM07ihj/lL6
 smT9YLeagtPCJporUiFW8JyIusBWWhlL8hp8ZDvEfmvi06xDXML3wXzH/KWmoew3LgdwCZPk
 QSIWemUDPZKcUL8eeVkhYIJA9VKQnGSx36p5T7Ch/l+iqiPlyY1GUNItX9AQjpr07V0kIjyK
 +yHn6Aw1uy1xWrLn7ATDX8YuMvaz72+c/P2zQReMWoZNfggd2FHOPRUHvHcC9C91PuzJh8e9
 hvtU/szDrPvvCVpg5aRymN/YPFJBSEqZfDelhD+8A1TJNPqSyzc21Qdd61636ynryawIW+Hx
 FT/UN1eA7V5/fdjeRyNUJd7B99Vo5A/lI25bIpg6cPLOLpVPFHEpNlGPQ8pcMRwnjG9GR74P
 TfH7Dy8Ksq8lpygPljJInZbz0870cHlM5XSdIPTXWQFfJi0e2kfaLCEni/Vih+eL0e5F7X3R
 taXY0HRFYHX8dY7ojf3sZJjdPVm3AQXY1yNkjnRxyJ/4gIwdFwYplU6lRBL92jdDLavPWVK4
 Dsil/woKmsCpxClWfU/MzmQlhbdH+x8V2SYOa4aJWiixx59DxQARAQABzSFBbmRyZWFzIEhl
 aWdsIDxhbmRyZWFzQGhlaWdsLm9yZz7CwaUEEwEKADgWIQRZ7tBmhrXNAHaUcA2o1UN+znJP
 5QUCXMQDswIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAhCRCo1UN+znJP5RYhBFnu0GaG
 tc0AdpRwDajVQ37Ock/lyWwP/i+eYKnmhUhd01eQrc81qMdHV12mvb4CR75ujpNLzTUxJ3rf
 x/ZSD95Ca7qPRe4duAmqX3CegOHQ6rjts/EZOzM9tuEPQUvWzpgEOokpzPaiRuZhG626YLna
 7iHx0bFtWMIz2V7WtyQrnhoOOTMvbuIZE19AvDW+D2B2XXJHPzrptnvkwi2T/sF7Amuh1DnP
 B41wNU6Zix48umjXel4HWbMM/+24EfgKmh4O0Bv/5FzlC/8no/uIwMLh89sUiXn/8Z7tuUxX
 3yx5c4BgwK8NiYtwkVucRIGVr/y17yUoTYTU+PCch4y8N9gefXsJh3ZSqeaVBsls3fT9jZ6I
 9P3DvCOuBz6oZFYRT6G4YyWsNdCaYC0c8AN/TxDA5akNWhn5YWxAQHd/Z+xm186fFe/zJv5D
 XqRVw9ZpHK+6xPkotPf2HZW9mWEfy6mis2KaOzv5GXwWzs8/qfYv44KcjWxIJOLEFBPgwM0z
 ohXGqHLmPwz2KDe9HtzMmBVWwOYoIWKA6Ju8gWDF9EfYDsmPKmU7Tfh5TDsjcgl19+4FaNnx
 IJ/BnexLrtRo/LTVRWi9JAqKQQkF8AMRyXhfbliwe8dcKSxguhkdvrC+0XNSuPFfCKnDOVa0
 0FHaBMHaUJ94ItzBhwd03ypyCD56bEOQEd4v8yXDk4sZbzp3LqFrcEkNCB0vzsFNBFzEBUgB
 EAC/vl+PO4rTdvuTWzStDtolJBujjgivFInqfiqVsLH8H/K8+VBVMU59hAX4k0QnfTVxDHoq
 bY6fM7EVTdjEhL++2vmojGoVMiGyPuD1F/mNn2USF8e5KU5+E/Ne4sNfZha0kOnP6iPPCVL5
 jAP6/RWG1AIdL42RD3PllJj52WAkoZ52tKQ4YiXtW96Y6MT0zQNmqwZBoZptcbYf6yjfNEmn
 ++2bcTqUcfsIsFwChueAekPX1VlM0+aUcyRT5elBLeFmllQPJDJG4y3L/JN3yUzCtGacY0yA
 xSKqmMYiSChOU27jLzfYpcf4K1IXUPjbuZDiZTlIhX3qk1Iv4STpY7UbId1sSYaRJlbvsO/z
 yaSzz8rNV2uwMegx6/50eYjS9bQ2RI61uv1mr+wGF/Dp5WReoq5pewDwLrDn7+F3pmX1G/6r
 2v6UI2yaXlWJnnRchoAveskeeW0W81yOAhzLwKURcclHpEKdPYePTL0zSdHVd1I/flfjzEtO
 TmASLCm0b/gvUGqAorlCvNwUndFxb0dSrjtxUWNw7XOc63VrhjWtLVGAHfNg57v6UdcJncmH
 W1xHEB7ltFceQ5ukw0NWSzRIdmWUalkPEK6aW95+ZYW48jYjztLqSZcWJd6qOpkV87kDKGTn
 h+dGT8qpmbnfmZB34P0qvD0RzXZQYbSGevxQUwARAQABwsPaBBgBCgAgFiEEWe7QZoa1zQB2
 lHANqNVDfs5yT+UFAlzEBUgCGwICbgkQqNVDfs5yT+XBiyAEGQEKAB0WIQQ4ejt63RV1mTxE
 krfgV/5IIre2RQUCXMQFSAAhCRDgV/5IIre2RRYhBDh6O3rdFXWZPESSt+BX/kgit7ZFM28Q
 ALr4HOTaNkpLZMxJAECLxFQg8Yzg9GdUE4l6Xqeea+Qz6Hv2fO0AV8VQug7h7mFoAQQwG0lK
 5yHa/RF3tcApVEXMyL19AamMNnA5H0mXEUcTvge2JeVK9ONTBYjSR6llOnUKCo24p3lnzmp6
 eZNEfaTPbSGo7UTmWcqfHtkvH4C5hOhDyY6GTVrgcMV2G2B1jq4evn0XxdqTipo3VyAMtwW/
 HlTHKXpXpW0QhzD+D6ioNUgyQjpPjkI3BWJHzSCWVUKgWD2EdOu+IsciDM115APvdyeXvgWN
 F8jphl+PJf2inqS8iSrd4pf04//tqNhkmBHSIFh6LwPlUUMEjKI4sWUYcL8zZimUmaK9HyZe
 bZq+IQFnjMw80h4iMc4YpY8mKgz4ld7wNV68+NFpgn+YaK6EVCpML91ret5kR4PyhO3tlMyd
 YzW3SFmmYFIEOEn+l5V223/8RDsg7XilBPZXtYDDpCJSedo3+d9eeBTyLnaXhnmhs1N06IVM
 bga/xg6BYT0OxJ7KFhyLW9SQ2+22oVqtfqGR9+Qx8UaiLnAx2a0ZjCHOspg/RTsXz7jqC8Ez
 9AVEPLOrw/ItIFI8Mx1AoJxfdoK9JIIsSNHeKrvCNmRK1n7NnNLa1JDRXYNgxsCD81YJzpQj
 tUC4KBKbFevs/MHDKsg/o2mlfeNy3AAEYckWFiEEWe7QZoa1zQB2lHANqNVDfs5yT+Xtow/8
 COENZm5QH5ag+dU7eqhpF223hoxEj7xWPCxyLccdy55BrtexL8l/ODzkxReo3s+jOt8QGDCT
 ln6R0Vb7h2GJoRee0SpZSDCQTEnnKyY/n3tYhAbaFSlfSPCSvN1mrqtn/zuYcIAyAWTUuD/q
 g85Cpe8F0sWUyjpEg9rALwR5E5wi6zO/MpHgYgQjJfJHmt+UtRQV+8us0+Qx67EDkIqg3UiJ
 2WeAw7+wfnxppzZnruTues1CTrZB4wVCd1wpvjk+3duA+MNIH3yGUCSUrO4eTHGXCt6KUVwG
 rH/x/Wp6De1OQXb1GRJo/fwr1GcuGt9Gu3hPPx8pMX8LoDUeovZ0xCa2jXhLxTajOr3fGK7S
 hSksV06ip+o/GCKpupZQUgBjglLgnaj0dfCMWKLpfv9Un1iPQM0KtnK29JFHbiPqnavYcWB8
 Q8Ozo0U8agX282SwmFzUVWISSO3XPm9N2a7f4NFIPdBOlFS6NWdQvyOvSCChncIjqqNWpvwr
 b5125tP1LFYo1sE5w07Aa2pC3DbPwVn/a1A6+70DjgDmAJgnl8eP269y8Qol7pfuFftYGkAi
 1lR5jzEP3W41Jjb+5x6HSkToA8fE0xFosIoxGnK9EIepFsDaKItPSoXimbBhS1giKDVOQ1zN
 u3OPfya8f4Y5DqidQzHJbXyquomfwvO+WGTOwU0EXMQFuAEQAKj9ciFOw0xUzVcsjarMpZYs
 gghg3+5Nyi6aHQB6H3yxpZiODrwf9+/YJmEXQJnsldxbcSoKNbMuceIZdMy6ZjAKbm+DGJzW
 4dNLq2/3uE080DzS8ooWCz+h9gzgy3NBZ0vD9zuXMXqqiaFuv3CgptiDBGenyqHYLzhofr45
 C/ojW3Z9YTuqGgsytKHYSIrF6iBeTI2orOVGJsFQ6yO6tNeD5Qm3s0Seun+qCbWb3OECQyhp
 0WzltE4Rvbipnt4OKPUeaszqZRvg6QvY+cPORQEnYC3mi2n65QImsBNLa0DPQ4Y27eKMk/3j
 5jV3c23qMLmkAjjRlzFJcwyssUBNcmI1gtoP9jq2kuBdotAXWSuC29wZWTEnz98lWspVyYXw
 J+dpv6ts0MjEsDBZP52ivYHAOBGhEjjlzIZcHtgey12T2QFRmp9/UGsxksYSan4zrETbAU9Z
 qfiQPagiHkHXgIpQxgH4IGYyUmGQjMGXYa87ce9XLLAKTYSi6tHGMOhxnHJqMT9/AW4Arl6a
 4Uqu5wyayfHNkwwl2SgmaejOwFL06P17xiJH7IAwN7HHjXnYbpI4JH0lLGcVQE8Qo6Bpsg8t
 jd5B+fScF2H+av+IpKD7nOPduxu9R629EV1NtRMWeqywvtvdDnJ1ovdDo+MI78V7RuYspedj
 YDNjx6ZvfFz/ABEBAAHCwY0EGAEKACAWIQRZ7tBmhrXNAHaUcA2o1UN+znJP5QUCXMQFuAIb
 DAAhCRCo1UN+znJP5RYhBFnu0GaGtc0AdpRwDajVQ37Ock/ly/cP/1SSqtqsRsUtSBkmmqMH
 J3okcfPGXwU85LWpIW6l4Z1hcD/b7k2h3Es0aMBSFc3mueZP+ZkHirk0xLe5NGG9vZcKE/oq
 otdlf+9xASGlCviU+WT9vG50F5JKqqUc3K6OJQ84uYHmpreyjLFg5mKgh8l1NsV3gC56ny79
 Y37CSTHqA8y5fKpedKptc/rveFTl3/eHZaplfb+kFqMcMNpNsTVgQHlA9mM1FwGZ3KV2witT
 CERQR5m4OBwGqZqRVHsD37DuD6VBCahtSAOq5fXLGZ3PewbwgoWukmTL1xqxCIv2ozXw9JlN
 qdyMuRdVFzcfciZTM4kL6lM4gOzElqJU9mWK/7p0q3JF1Ie5QMBOLavEYYV2dnIy/ubm5P8R
 hQScnJ/mCqE+YJmfoMBq5bjdFSRaIH6WNkSWxfI/FW1EfrxisZbrIMngu7hBQKFbCFCRUN0G
 j7RppyGYD9yks+x7GZAMIlxyeT+sKR9wljLuCWjkJTjKNDT8UWTr7XwJHQ2/ouI3fmI77iZC
 Zbq9aesobv9NnBO/waAzjYAEx2ahZmM7m1rQlPS636tUZ1QVZx/4SzNiMTBsgWLDQ0VtxcEm
 Ye54+r8Y4o0vSrMcDYgBczZe/ASpSJB4AI1lQ3o3s5p3AeYsYPBtBsysSAbd0uZ65EDc9xwS
 RLiMJj+x8jGy2xtu
Message-ID: <3a2924d2-31b9-fee5-5548-49c889eca2f4@heigl.org>
Date: Mon, 4 May 2020 07:27:01 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.7.0
MIME-Version: 1.0
In-Reply-To: <C4580849-BC5B-45CA-9B57-56CB63B3F8F0@benramsey.com>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="DWPE0SbNyh8SCqILAdmyBdfVfEYWIkt3m"
Subject: Re: [PHP-DEV] Deprecating uniqid()
From: andreas@heigl.org (Andreas Heigl)

--DWPE0SbNyh8SCqILAdmyBdfVfEYWIkt3m
Content-Type: multipart/mixed; boundary="SSRIC4OkMdBCGujIhi23VetkK5GtWq0gp"

--SSRIC4OkMdBCGujIhi23VetkK5GtWq0gp
Content-Type: text/plain; charset=windows-1252
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

Hey Ben, hey all

Am 02.05.20 um 21:13 schrieb Ben Ramsey:
>> On May 2, 2020, at 13:57, AllenJB <php.lists@allenjb.me.uk> wrote:
>>
>> Hi all,
>>
>> I'd like to discuss deprecating uniqid()
>>
>> I believe it's dangerously bad a doing "what it says on the tin". New =
developers still reach for it and do not read the warnings on the manual =
page (or if they do, don't fully understand how bad it is).
>>
>> For older codebases that still rely on it, a userland replacement can =
be easily implemented (and could be published on Packagist).
>>
>> I noticed there was an RFC [0][1] brought up 2 years ago, but was neve=
r voted on. Does anyone know why this was?
>>
>> [0] https://externals.io/message/102097
>> [1] https://wiki.php.net/rfc/deprecate-uniqid
>>
>> Is there interest in deprecating this function?
>>
>> If not deprecation, how could it be (further) "improved"? My first tho=
ught is to make the "more entropy" option enabled by default (the argumen=
t could remain so that it can be disabled by codebases that rely on the l=
ower length and can take the tradeoffs).
>=20
>=20
> Instead of deprecating and removing it, would anyone be opposed to repl=
acing the internals of the function so that it uses `random_bytes()` unde=
r the hood, while all other functionality remains the same?

I'D rather deprecate it and give a clear advice on what to use instead
(i.e. in the docs) than changing the internal behaviour and break code.

As replacement I could think of showing people the way to UUIDs.

As the function itself was never intended for cryptographically secure
values I would not see random_* functions or the like as a replacement.

My 0.02 =80

Cheers

Andreas
--=20
                                                              ,,,
                                                             (o o)
+---------------------------------------------------------ooO-(_)-Ooo-+
| Andreas Heigl                                                       |
| mailto:andreas@heigl.org                  N 50=B022'59.5" E 08=B023'58"=
 |
| http://andreas.heigl.org                       http://hei.gl/wiFKy7 |
+---------------------------------------------------------------------+
| http://hei.gl/root-ca                                               |
+---------------------------------------------------------------------+


--SSRIC4OkMdBCGujIhi23VetkK5GtWq0gp--

--DWPE0SbNyh8SCqILAdmyBdfVfEYWIkt3m
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOHo7et0VdZk8RJK34Ff+SCK3tkUFAl6vp6UACgkQ4Ff+SCK3
tkWryA//R208Eu9DKol8tYqQD31zoSrEwJLj1BxSd17+zClrQnbFCLAcuZh0Lwbx
uFlPboYK2kvbF3MnWVpmyAK0FZpG0cb0nPC0hlYYHqMOfRV2UKfT5rV/hRsKtteY
TYF8uwUW3M5nYCvD75WOezBx3jR3CkzWVoNT6bzeySdmWVdFQbpq1gj4bLNNBTff
4jv2uxsf57z55Qzztztv9M9HBMNhV9VhZ21w4rrjOUtt/GE0+Cp5MDj7FFyvglES
fvkTV37WXtwy38wccfz4xEjkITCI4OByNAnrhJGmrawFc5csHkEl0+XY7Ap4a6um
VFebhR9ssIPM/f8OaUlPTcamvhG1k1acM4OnhoS/Zli/3ASOgaAK0TtWW2c47w3J
hdF81o+/jEx0g6iBbBUEX1BG808fprQ6348xHrjiGU5XMnlop9d8LShH/9ngwmcf
8TJdrN6EvntK8/O+c0Kyn6OxjPBVv5+xd6V5q6QK9A8LutwxPwNVO/io1W57n/Td
WJa/W0scNr5HWDpu25drceXIdBOgSQGQOqXIn4/iQVjjM2EvssoK9x3jOUtfDAmP
fEiOtWFCYP5zUGY8KV8069y2PZkvqNG9F/Jhb3I0g8S8NX6l24E/GJ+9KEyWsLKs
g+IOtNe+b3BB6ZOqcVGef9NOU3zzev4n5Q+5+SRzUAXnC3GVckI=
=NYfs
-----END PGP SIGNATURE-----

--DWPE0SbNyh8SCqILAdmyBdfVfEYWIkt3m--