Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:72035 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 71181 invoked from network); 3 Feb 2014 04:59:15 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 3 Feb 2014 04:59:15 -0000 Authentication-Results: pb1.pair.com smtp.mail=tjerk.meesters@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=tjerk.meesters@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.42 as permitted sender) X-PHP-List-Original-Sender: tjerk.meesters@gmail.com X-Host-Fingerprint: 209.85.212.42 mail-vb0-f42.google.com Received: from [209.85.212.42] ([209.85.212.42:50742] helo=mail-vb0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 29/00-03615-2222FE25 for ; Sun, 02 Feb 2014 23:59:15 -0500 Received: by mail-vb0-f42.google.com with SMTP id i3so4472990vbh.1 for ; Sun, 02 Feb 2014 20:59:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=RA19oiIwqc+A4QeTswJ6jaxjQOMvmTWunsOLYKWUgSs=; b=waFYaFeIq/Va95hRJEFFcYajmcAaguvCqyVAQF0+a82SK1LOjI6T32w9M4eSNwf5vU Ooo8e/CkzVjjMZnCndKcr2wo9UbpyAxP/LLBM+il0f9p66p+3k0c9Q8X6j0qy4zxyCZ0 LTZn+327vJmpXmfGvRSMvFYKHtguxxClHEnBaCZOpmDMzlwhWIsoMXLJ/XZh0K2lNR6h X1fGdXDeMWcmPCrjxkscWex9E4HwhjhwsHQr2ULxGltugo7yR278ISB+TNy0IdBtAekF ggVtUhytSHee/NcjjU0mAyHNqCDB+wCosAgqfjm1QjJXIRbux5KdYeL9FnbLK+Dwomp7 RtOg== MIME-Version: 1.0 X-Received: by 10.58.168.142 with SMTP id zw14mr130717veb.33.1391403552341; Sun, 02 Feb 2014 20:59:12 -0800 (PST) Received: by 10.58.133.229 with HTTP; Sun, 2 Feb 2014 20:59:12 -0800 (PST) In-Reply-To: References: <52EDF552.4010208@divbyzero.net> Date: Mon, 3 Feb 2014 12:59:12 +0800 Message-ID: To: Yasuo Ohgaki Cc: Martin Jansen , "internals@lists.php.net" Content-Type: multipart/alternative; boundary=047d7b6da0287a02d304f1796268 Subject: Re: [PHP-DEV] Extending uniqid() or not? From: tjerk.meesters@gmail.com (Tjerk Meesters) --047d7b6da0287a02d304f1796268 Content-Type: text/plain; charset=ISO-8859-1 On Mon, Feb 3, 2014 at 9:13 AM, Yasuo Ohgaki wrote: > Hi Tjerk, > > On Mon, Feb 3, 2014 at 8:55 AM, Tjerk Meesters wrote: > >> I think it would be good enough to have only uuid v4: >> >> function uuidv4() >> { >> $data = openssl_random_pseudo_bytes(16); // or whatever >> >> $data[6] = chr(ord($data[6]) & 0x0f | 0x40); // set version to 0010 >> $data[8] = chr(ord($data[8]) & 0x3f | 0x80); // set bits 6-7 to 10 >> >> return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4)); >> } >> >> It's really just a representation of random data, whereby 6 bits are used >> for the actual format. >> > > I agree. > UUID v4 simply generate random ID and it is good for many purposes. > > My concern is portability. OpenSSL(or Mcrypt) is provided as module. > Users tends not to use module functions whenever possible. To address > this issue, OpenSSL could be a module compiled by default. > You could simply choose between `php_win32_get_random_bytes()` (Windows) or reading directly from `/dev/xrandom`. Ultimately you have to be prepared to supplement the data (partially or fully) with calls to `php_rand()`. > Security matters for all applications. Compiling OpenSSL by default would > be nice to have. > > Any comments? > > -- > Yasuo Ohgaki > yohgaki@ohgaki.net > > -- -- Tjerk --047d7b6da0287a02d304f1796268--