Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:110043
Return-Path: <nikita.ppv@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 94742 invoked from network); 6 May 2020 14:09:30 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 6 May 2020 14:09:30 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 0EB84180088
	for <internals@lists.php.net>; Wed,  6 May 2020 05:44:41 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <nikita.ppv@gmail.com>
Received: from mail-lj1-f180.google.com (mail-lj1-f180.google.com [209.85.208.180])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed,  6 May 2020 05:44:40 -0700 (PDT)
Received: by mail-lj1-f180.google.com with SMTP id a21so2167882ljb.9
        for <internals@lists.php.net>; Wed, 06 May 2020 05:44:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=JxeOiuXsd6oojVchcLe5hqs6XmpzvC5qRlxdIQkldow=;
        b=a2MAjSHDOutgFGPtNRXFposzhEd3df/69W4UnOeFpeJ/4amCF3674Uc+E+aQhEJwQJ
         Z83M0gUHV31zc7gEcF3kMztGWO125Zln9yZOtEfdj14LAPd2Nk2TMt771JArtAp6vAGz
         kCoAov/tiTZmAtDgLaPPPF6wEuq0V2ky2ELMKYcNKnfxUkJxm4+lTeBRBfcizZsV3XVf
         0mP3ZH7NOKoRWU9ZFQPIFiBMWnIn2KOWhUdTBTwgjBYfHoQnexypCNmdCB5byBcdJOk6
         8zMQD8HxJkLuiDQhv66Bmd09oiS1pbyusJXbN7JijNrXZMD4l54uwH31MUX9/PMTJzOS
         nhfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=JxeOiuXsd6oojVchcLe5hqs6XmpzvC5qRlxdIQkldow=;
        b=TzUvZZ5ryypJUIMsphPqJD+aJLbyhYBrogPrxwuCYr+ORJSRW01fe25f89ilxgx1Rs
         Wkgo4XwGltyDxYyzHnCBlb+gmbCMy5ztDRjAUCaoORwYacuIawKBy1Z9Ayyt8I88raWm
         ICZ8baWdrUYEiHWIrrKdpKRbhCuDQ3CM2JwvVHItOA+fLQQICzQ1Xawz9XE4aehITNtg
         7zNsWtB88piH2BqW2qyIOFaEddPyj70Lg4yJLsVy6Vs3wjLGcTTXcT0EJkaS9M/t9Bf4
         aPX7Tdu1kNcwM9qgEfmsWc4W1gX6G2f9GiZ4BRwTzhxIf9GfIqIuDGUevWtTwb4FN+nT
         t2rg==
X-Gm-Message-State: AGi0Pua0CvSQOtsnR50aqCHUe6ST6HO4Alt1el4w4+2muM7CWVvsu0eh
	iS7mJme6h1jWG2rS4G0Z+C4xMvabbBepyLblr93z5Q43Yo4=
X-Google-Smtp-Source: APiQypInfxZGdevobZ23FGcGB+Ybih/qcX/JozZmNrQm3fKLSeEoNYhQnhMaZdg9V+JmBWoFJmD/H4a5/+sKq8cCXWw=
X-Received: by 2002:a2e:9a04:: with SMTP id o4mr4746447lji.117.1588769079132;
 Wed, 06 May 2020 05:44:39 -0700 (PDT)
MIME-Version: 1.0
References: <9e3b1604-8d0a-9db4-aab6-e5f2198252f4@allenjb.me.uk>
 <C4580849-BC5B-45CA-9B57-56CB63B3F8F0@benramsey.com> <3a2924d2-31b9-fee5-5548-49c889eca2f4@heigl.org>
 <CALKiJKoXfW2usFmHS2ev2ihe6i=SV5JQaMgQmHCi5-rqeEdOWw@mail.gmail.com>
 <CANUQDCi3+fzy9E9kJ-vuDsTXMwNko9PpBUBAGUTxacdaQFPE5g@mail.gmail.com>
 <CAJvSBVMGEyqKNOxtGLyVqKrc0YRpiTyc8Ok55cocSS-2trL=Xw@mail.gmail.com>
 <CALKiJKpTf3AyhLjbMOu+gO--gmgatZ0Nazbsj2AZ-L2PVvOe5w@mail.gmail.com>
 <CAL0xaBG-VLN6pMPoKttkCZLXdzOKJLo0mdZvL2ggOy1Fqjae8w@mail.gmail.com> <D21D4456-228B-4059-9B51-F40B3EC94286@gmail.com>
In-Reply-To: <D21D4456-228B-4059-9B51-F40B3EC94286@gmail.com>
Date: Wed, 6 May 2020 14:44:22 +0200
Message-ID: <CAF+90c8LkMOQXGDqDhyOEr8SjUyy+omdBczGXqJp6SNa0yezrA@mail.gmail.com>
To: Rowan Tommins <rowan.collins@gmail.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="00000000000097850b05a4fa2001"
Subject: Re: [PHP-DEV] Deprecating uniqid()
From: nikita.ppv@gmail.com (Nikita Popov)

--00000000000097850b05a4fa2001
Content-Type: text/plain; charset="UTF-8"

On Wed, May 6, 2020 at 2:34 PM Rowan Tommins <rowan.collins@gmail.com>
wrote:

> On 5 May 2020 09:42:19 BST, Arvids Godjuks <arvids.godjuks@gmail.com>
> wrote:
> >So in my opinion, a better replacement for uniqid is needed - have it
> >generate a bigger string with more entropy and better underline algorithm,
> >but it being time-based should be a thing stiff. And do not call it a
> >"random_string" or something, cause it's not that :)
>
>
> A question just got posted on Stack Overflow asking for pretty much
> exactly what we've been discussing:
> https://stackoverflow.com/q/61634022/157957
>
> You're right that the requirements for "random" and "unique" are distinct.
> Perhaps what we need is a unique_string function that allows you to specify
> the format (length and some control over allowed characters) and uses a mix
> of randomness and time (perhaps using the same time source as hrtime()?).
>
> Then uniqid() could be deprecated, and anyone relying on its exact format
> could write a polyfill, while people wanting other formats wouldn't need to
> mess around with binhex, hexdec, etc.
>

A possible candidate for this would be ULID (https://github.com/ulid/spec),
which is basically timestamp + random + base32 encoding. The timestamp part
makes ULIDs approximately lexicographically orderable, the random part
makes sure things are unique when generated in parallel and the base32
encoding avoids people having to deal with raw binary data.

Regards,
Nikita

--00000000000097850b05a4fa2001--