Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:71977
Return-Path: <martin@divbyzero.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 40712 invoked from network); 2 Feb 2014 07:35:56 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 2 Feb 2014 07:35:56 -0000
Authentication-Results: pb1.pair.com header.from=martin@divbyzero.net; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=martin@divbyzero.net; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain divbyzero.net from 87.230.111.147 cause and error)
X-PHP-List-Original-Sender: martin@divbyzero.net
X-Host-Fingerprint: 87.230.111.147 mx.bauer-kirch.de Linux 2.6
Received: from [87.230.111.147] ([87.230.111.147:60160] helo=mx.bauer-kirch.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 5B/B3-30967-655FDE25 for <internals@lists.php.net>; Sun, 02 Feb 2014 02:35:55 -0500
Received: by mx.bauer-kirch.de with ESMTP id 1W9raj-0005ce-VG; Sun, 02 Feb 2014 08:35:46 +0100
Message-ID: <52EDF552.4010208@divbyzero.net>
Date: Sun, 02 Feb 2014 08:35:46 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
CC: "internals@lists.php.net" <internals@lists.php.net>
References: <CAGa2bXbq1ttBz+hSk20-CkKWvDdHr5+8bBmc04Q22i7K2VSs+A@mail.gmail.com>
In-Reply-To: <CAGa2bXbq1ttBz+hSk20-CkKWvDdHr5+8bBmc04Q22i7K2VSs+A@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Extending uniqid() or not?
From: martin@divbyzero.net (Martin Jansen)

On 02.02.14 05:32, Yasuo Ohgaki wrote:
>  string safe_uniqid([ing $length=64])
> 
> It generate ID using good RNG such as /dev/urandom, /dev/arandom for
> UNIXes, openssl RNG for Windows when they are available. It does not use
> hash function, but simply convert RNG binary data into text. The same
> algorithm that is used for session ID may be used. (Use
> hash_bits_per_character=5, since it only contains alphanumeric chars) Since
> it does not use hash, it's fast.
> 
> Any comments? Any good names?

The documentation for uniqid() is pretty clear about the fact that it's
not cryptographically secure and recomends openssl_random_pseudo_bytes()
as a replacement. Shouldn't we just try to come up with sane default
values for its $length parameter instead of adding yet another new function?

> P.S. Is anyone working UUID? PostgreSQL is using OSSP's UUID lib, it's good
> for PHP.
> http://www.postgresql.org/docs/9.2/interactive/uuid-ossp.html

There's http://pecl.php.net/package/uuid.

- Martin