Newsgroups: php.internals
Date: Sun, 2 Feb 2014 19:12:01 +0900
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: Martin Jansen
Cc: "internals@lists.php.net"
In-Reply-To: <52EDF552.4010208@divbyzero.net>
Subject: Re: [PHP-DEV] Extending uniqid() or not?

On Sun, Feb 2, 2014 at 4:35 PM, Martin Jansen wrote:

> On 02.02.14 05:32, Yasuo Ohgaki wrote:
> > string safe_uniqid([ing $length=64])
> >
> > It generate ID using good RNG such as /dev/urandom, /dev/arandom for
> > UNIXes, openssl RNG for Windows when they are available. It does not use
> > hash function, but simply convert RNG binary data into text. The same
> > algorithm that is used for session ID may be used. (Use
> > hash_bits_per_character=5, since it only contains alphanumeric chars)
> > Since it does not use hash, it's fast.
> >
> > Any comments? Any good names?
>
> The documentation for uniqid() is pretty clear about the fact that it's
> not cryptographically secure and recommends openssl_random_pseudo_bytes()
> as a replacement. Shouldn't we just try to come up with sane default
> values for its $length parameter instead of adding yet another new
> function?

I added the warning to the doc recently. I see code that uses uniqid() as a
source of safe unique ID generation using hash functions, which is in fact
not secure. We had better provide an easy-to-use safe unique ID generation
function to prevent this kind of usage, even if users could do it in
userland. Writing a portable one is not simple enough.

> string safe_uniqid([ing $length=64])

Sorry, there is a typo and the option should be descriptive. It should be

string safe_uniqid([int $length_of_returned_unique_id_string=64]);

This function is totally different from the current uniqid(). I don't like
the name. I hope someone thinks of a good name for it.

> > P.S. Is anyone working UUID? PostgreSQL is using OSSP's UUID lib, it's
> > good for PHP.
> > http://www.postgresql.org/docs/9.2/interactive/uuid-ossp.html
>
> There's http://pecl.php.net/package/uuid.

It uses ext2 UUID. Isn't it only available for Linux? It's an LGPL license
also. It's not a preferred license for core...

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
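
A userland sketch of the generator proposed in this message, added here as an example and not code from the thread or from PHP itself: it reads bytes from the OS CSPRNG and converts them to text at 5 bits per character, with no hash step. The `safe_uniqid` name is taken from the proposal; the `encode_5bit` helper, the `0-9a-v` alphabet and the use of `random_bytes()` (PHP 7 or later) are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical userland version of the proposed safe_uniqid().
 * Assumption: PHP 7+ so that random_bytes() (OS CSPRNG) is available.
 * Unlike uniqid(), the output does not depend on the clock, so hashing
 * is unnecessary: every character carries 5 bits of CSPRNG output.
 */
function safe_uniqid(int $length = 64): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('length must be positive');
    }
    // 5 bits per character, so ceil(length * 5 / 8) random bytes are needed.
    $bytes = random_bytes(intdiv($length * 5 + 7, 8));
    return encode_5bit($bytes, $length);
}

/** Hypothetical helper: emit $length characters, 5 bits each, alphabet 0-9a-v. */
function encode_5bit(string $bytes, int $length): string
{
    // 32 symbols = exactly 5 bits, so there is no modulo bias.
    $alphabet = '0123456789abcdefghijklmnopqrstuv';
    $out  = '';
    $acc  = 0;   // bit accumulator
    $bits = 0;   // number of unconsumed bits held in $acc
    $pos  = 0;
    while (strlen($out) < $length) {
        if ($bits < 5) {
            if ($pos >= strlen($bytes)) {
                throw new LengthException('not enough input bytes');
            }
            $acc = ($acc << 8) | ord($bytes[$pos++]);
            $bits += 8;
        }
        $bits -= 5;
        $out .= $alphabet[($acc >> $bits) & 0x1f];
        $acc &= (1 << $bits) - 1;   // discard the bits just emitted
    }
    return $out;
}

// 64 characters = 320 bits drawn from the CSPRNG.
echo safe_uniqid(), PHP_EOL;
```

`random_bytes()` throws if no suitable randomness source is available, so the function fails closed rather than falling back to a weaker generator.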