Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:72023
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 38141 invoked from network); 2 Feb 2014 23:07:54 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 2 Feb 2014 23:07:54 -0000
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.182 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.217.182 mail-lb0-f182.google.com  
Received: from [209.85.217.182] ([209.85.217.182:61518] helo=mail-lb0-f182.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 8D/C5-30967-8CFCEE25 for <internals@lists.php.net>; Sun, 02 Feb 2014 18:07:52 -0500
Received: by mail-lb0-f182.google.com with SMTP id w7so4783570lbi.41
        for <internals@lists.php.net>; Sun, 02 Feb 2014 15:07:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-type;
        bh=KXl/5u5CECVWvaslaYolXtBfirdKr5GA6vFhDLSpnUo=;
        b=PRXP1EM7e6D4qN5gHmf5tbNBec9qXKIF1LliYma0f49op8AFt8Yb49lhvivPj/T/eo
         wQFMjIrjVpTBOtqHQ973Nhx4HNo9rpAc9ggllGucsF4x/HCWo1r9t4+26RV3yGBP6MUr
         p3sup8+HtGCuiG+aUn4U1cNW7fyFT0PAXP35nutMTT4V0g/UIDLXDYzirpbu9w+6k0hD
         lTPJISa2afx+uveqbXk6bDhA1lf1doItjlxSFTXp+nHM8n8Cc4OBRPwv6ModggzIji/B
         MpGEwTab47wCD6/t2/Z8Jgle/TgJkQismtUNh9ULeknxb0XCvPswUpVtZsS5MMIVl9aZ
         WKQw==
X-Received: by 10.152.5.199 with SMTP id u7mr11388679lau.16.1391382469323;
 Sun, 02 Feb 2014 15:07:49 -0800 (PST)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.112.199.37 with HTTP; Sun, 2 Feb 2014 15:07:09 -0800 (PST)
In-Reply-To: <52EECE85.6090904@sugarcrm.com>
References: <CAGa2bXbq1ttBz+hSk20-CkKWvDdHr5+8bBmc04Q22i7K2VSs+A@mail.gmail.com>
 <52EE1EDC.2010309@sugarcrm.com> <CAGa2bXZZ3ug3oWg_im5bHUDjo2EHVeBMqU0fvB4WU-4OZTMCuw@mail.gmail.com>
 <52EECE85.6090904@sugarcrm.com>
Date: Mon, 3 Feb 2014 08:07:09 +0900
X-Google-Sender-Auth: od5FIYkQ0DSXKhn8NuJLRWL68PU
Message-ID: <CAGa2bXbfp0UUKGiTOCq6=3F9shyY2U26Qn_W1vt8ur-pj56RvA@mail.gmail.com>
To: Stas Malyshev <smalyshev@sugarcrm.com>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=089e013d1a78d4af6d04f17479f5
Subject: Re: [PHP-DEV] Extending uniqid() or not?
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--089e013d1a78d4af6d04f17479f5
Content-Type: text/plain; charset=UTF-8

Hi Stas,

On Mon, Feb 3, 2014 at 8:02 AM, Stas Malyshev <smalyshev@sugarcrm.com>wrote:

>
> > My question is if we should extend uniqid() or add new function that
> > actually
> > generates safe ID string. We may add more description to uniqid() page,
>
> How mcrypt_create_iv is not safe? It generates a random string, you need
> a random string, what's unsafe in it?


It's safe as long as users do not use RAND as random source.

There are many use cases that users need secure random string and
there are many mistakes out there. I'm questioning if we should have
easy to use and easy to find function for it or not.

Better documentation is valid option rather than have a function.
Do you suggest documentation as a solution?

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--089e013d1a78d4af6d04f17479f5--