Newsgroups: php.internals
Date: Fri, 23 Aug 2013 10:12:45 -0400
From: ircmaxell@gmail.com (Anthony Ferrara)
To: Yasuo Ohgaki
Cc: Leigh, Sebastian Krebs, "internals@lists.php.net"
Subject: Re: [PHP-DEV] Request #65501 uniqid(): More entropy parameter should be true by default

Yasuo,

> > It's absolutely not wise to use it for anything security related, the
> > purpose of the function is simply to provide a unique value within a
> > system, not a random value, not an unpredictable value.
> >
>
> I agree.
>
> However, I suppose there are many applications that rely on uniqid() for
> critical features like payment or authentication.
>

Sure, and people use `eval()` for conditionals and `goto` for code structure. We shouldn't alter language design for people making bad decisions. Instead, we should work on documentation and education to fix those kinds of problems.

> We need better function as basic feature of PHP. unique_hash() or
> hash_unique() might be good. UUID works and is much better but generating
> unique hash just like session ID is trivial to implement.
>

What would this do? How would it work? Would it just be a statistically unique hash? At which point why have it named on `hash` instead of just being a large random number (and hence belongs as a random number generator, not a unique hash thingy)...

My $0.02.

Anthony