Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:110001 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 38020 invoked from network); 5 May 2020 10:08:00 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 5 May 2020 10:08:00 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 1F47F1804E3 for ; Tue, 5 May 2020 01:42:50 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-wr1-f51.google.com (mail-wr1-f51.google.com [209.85.221.51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 5 May 2020 01:42:48 -0700 (PDT) Received: by mail-wr1-f51.google.com with SMTP id s8so1652363wrt.9 for ; Tue, 05 May 2020 01:42:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=G3xed86fCriiWklo/JyzMf9jQj4Z081a/HGH8UAMMP0=; b=qHLL7maWZq2SzIJ1y2/WNvuft8EVQzqDL4kkW+FQ0mpmgWlXbtcjkX754zBMZWn+ey uAj1HPKKbgIzlPjWU4iWHmnf3LxyoM2s/rX9IUojFLkdk5GiRsSTm6Cvu9+vHLa1mGrd E+FOpfWm4rqpg5gnXLdg+gFnu3M8qBcbOocW+RMjYiF3bYd3AUc1dzqD1uxOCVP50qtM xC3PoSPYvOqBFrlvotcqNTpeaF+FlYdQZ/hYg/fxlqPqS6pbKGtpPth6GKqEOpbhW7Qb 4k5bQhQyyFJd5G9fUvCpqunLDmXT6zehy8Uj6xVcSpGTeQoVNoNgee9tcWuB0iHREzDi 6mLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=G3xed86fCriiWklo/JyzMf9jQj4Z081a/HGH8UAMMP0=; b=CVt7rrgDjjg0tncS9wsoFibYq0Xg88dyeyU3RS0JaOP94YNZijdmKtN8Zlyd976qK/ 46GtP8YW2LBgnAwPjDXKpv5AYG3m/JkGLulELTetRpQ3i4MY/KVCyWIuvcx5VZySfHjs 1JNLGoGXXRNHWY1Ix4SZsZTrL4WphUWqqGlamCKh/BvakK6fTMyLej8JG9VPX9mFPHIA fsLCgMG15civvgPZhZeWD7URzeuCWGEjAERFK+canWOEDp51YIotiZU9rDYgbVeVdwdt dv3B3aDzkEAxSL9d3ukOpyayaM2AOft/oLkqIxcNQjBRej+6eSrcKmdnXb38cykYlyX0 Ip9A== X-Gm-Message-State: AGi0PuYxlFJFuUWZboEaa78LL5pRpct+wmeOcxRKo2u5LwI3hjk/ZC54 eb5ZC6ISLDUPKKekj/+ZNQkWz/kv1jKXnh2JpBY= X-Google-Smtp-Source: APiQypI8JHBBO9X3q5h4yUdJJD4y2bPw6k/xJNj10SycoQqbYaG6LKDKDPluUnvWt8VqPswkcj1BMWwO64k+J7GadYE= X-Received: by 2002:adf:e910:: with SMTP id f16mr2330030wrm.176.1588668166102; Tue, 05 May 2020 01:42:46 -0700 (PDT) MIME-Version: 1.0 References: <9e3b1604-8d0a-9db4-aab6-e5f2198252f4@allenjb.me.uk> <3a2924d2-31b9-fee5-5548-49c889eca2f4@heigl.org> In-Reply-To: Date: Tue, 5 May 2020 10:42:19 +0200 Message-ID: To: Rowan Tommins Cc: PHP internals Content-Type: multipart/alternative; boundary="000000000000b4e38805a4e2a101" Subject: Re: [PHP-DEV] Deprecating uniqid() From: arvids.godjuks@gmail.com (Arvids Godjuks) --000000000000b4e38805a4e2a101 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, 5 May 2020 at 10:26, Rowan Tommins wrote: > On Tue, 5 May 2020 at 08:52, Peter Bowyer > wrote: > > > > > On Tue, 5 May 2020 at 07:38, Niklas Keller wrote: > > > >> Rowan Tommins schrieb am Mo., 4. Mai 2020, > >> 10:59: > >> > Although the name sounds similar, I don't think UUID would be a good > >> > replacement for uniqid(). In my experience, it's used for things lik= e > >> > generating ID attributes for HTML elements, or suffixes for table > >> names, or > >> > even file names; applications that really just need a few alphanumer= ic > >> > characters that are different each time. > >> > >> Seems like UUIDs would be a good fit for all of these. > >> > > > > For file names, absolutely. In many cases they have to be unique across > > all processes, and that's important. For the others I say a UUID is onl= y > a > > good replacement if taking a substring of a UUID is going to be unique. > > > > > As well as being nearly 3 times as long as the current uniqid() output, a > UUID is generally formatted with hyphens, which may be disallowed or > require careful quoting in various contexts. If you have to strip those > out, or otherwise manipulate the result to fit the use case, you've faile= d > at the original aim of having a single function that doesn't need further > processing. (Leaving aside the fact that we don't actually have any UUID > functions in core.) > > Regards, > -- > Rowan Tommins > [IMSoP] > The same notion here. UUID's and random_bytes sometimes are overkill, too slow or you can just exhaust the random source. I have a use-case where I needed exactly the way uniqid worked (with more_entropy =3D true) - a serial incrementing random value that I needed t= o create for 20-30 thousand items in one request. It was fast, efficient and there was absolutely no need to have a truly random value. And it needed to be human-readable easily because it was also sent via SMS in some cases. So in my opinion, a better replacement for uniqid is needed - have it generate a bigger string with more entropy and better underline algorithm, but it being time-based should be a thing stiff. And do not call it a "random_string" or something, cause it's not that :) Thanks! --=20 Arv=C4=ABds Godjuks +371 26 851 664 arvids.godjuks@gmail.com Skype: psihius Telegram: @psihius https://t.me/psihius --000000000000b4e38805a4e2a101--