Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:72040 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 82218 invoked from network); 3 Feb 2014 06:25:33 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 3 Feb 2014 06:25:33 -0000 Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.171 as permitted sender) X-PHP-List-Original-Sender: pierre.php@gmail.com X-Host-Fingerprint: 209.85.216.171 mail-qc0-f171.google.com Received: from [209.85.216.171] ([209.85.216.171:37394] helo=mail-qc0-f171.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 00/00-15628-C563FE25 for ; Mon, 03 Feb 2014 01:25:32 -0500 Received: by mail-qc0-f171.google.com with SMTP id n7so10426544qcx.2 for ; Sun, 02 Feb 2014 22:25:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=CoXPPOfv4BRxY4lDOYQ4DQptCp+XMoQ5voXMxO/juE0=; b=PJycrsik6yIc+NNQzSzxPuxc+w/cuzSCzUU08Ew4hZr+2IlowiwcDKepwJ/eVx8DTs WqWa75wbIqB0l72ikoKhGkjXarkY1Bw4c0KnGi4200+/IzWP6uLeHTUmtuVEh6s7yX/6 QZh+h7UgBZRcDR5NVuF/88bwSWDsH2RVgOKDZGNpxxp7x92OQoLVZtdWubz402Uj9teT qss2gSYtroM+PvitXy+JKxtSEZLw6xIJCjrTnwv7iz31iV17DTiYHXDRU1jMw090hsdM 3cVDU2FINVWNORbAAwC/bSOwsVEtBu6m1+oSV1E/m7Dq8AbZ/TDAiZ2aUEgRPOGY13L0 GWWQ== MIME-Version: 1.0 X-Received: by 10.224.115.11 with SMTP id g11mr17067983qaq.18.1391408720481; Sun, 02 Feb 2014 22:25:20 -0800 (PST) Received: by 10.140.18.129 with HTTP; Sun, 2 Feb 2014 22:25:20 -0800 (PST) In-Reply-To: References: <52EDF552.4010208@divbyzero.net> Date: Mon, 3 Feb 2014 07:25:20 +0100 Message-ID: To: Tjerk Meesters Cc: Yasuo Ohgaki , Martin Jansen , "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Extending uniqid() or not? From: pierre.php@gmail.com (Pierre Joye) On Mon, Feb 3, 2014 at 5:59 AM, Tjerk Meesters wrote: > On Mon, Feb 3, 2014 at 9:13 AM, Yasuo Ohgaki wrote: > >> Hi Tjerk, >> >> On Mon, Feb 3, 2014 at 8:55 AM, Tjerk Meesters wrote: >> >>> I think it would be good enough to have only uuid v4: >>> >>> function uuidv4() >>> { >>> $data = openssl_random_pseudo_bytes(16); // or whatever >>> >>> $data[6] = chr(ord($data[6]) & 0x0f | 0x40); // set version to 0010 >>> $data[8] = chr(ord($data[8]) & 0x3f | 0x80); // set bits 6-7 to 10 >>> >>> return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4)); >>> } >>> >>> It's really just a representation of random data, whereby 6 bits are used >>> for the actual format. >>> >> >> I agree. >> UUID v4 simply generate random ID and it is good for many purposes. >> >> My concern is portability. OpenSSL(or Mcrypt) is provided as module. >> Users tends not to use module functions whenever possible. To address >> this issue, OpenSSL could be a module compiled by default. >> > > You could simply choose between `php_win32_get_random_bytes()` (Windows) or > reading directly from `/dev/xrandom`. Ultimately you have to be prepared to > supplement the data (partially or fully) with calls to `php_rand()`. I cannot agree more, except for the php_rand part, we should avoid it. Both are more than enough for this purpose. As I wrote earlier, it is not necessary to have crypto safe RNGs for uuid generations, definitively not. It would be good not to suddenly overreact for something that should be better documented :) Cheers, -- Pierre @pierrejoye | http://www.libgd.org