Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:72047
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 94309 invoked from network); 3 Feb 2014 07:21:14 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 3 Feb 2014 07:21:14 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.49 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.215.49 mail-la0-f49.google.com  
Received: from [209.85.215.49] ([209.85.215.49:64628] helo=mail-la0-f49.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id A6/A2-15628-7634FE25 for <internals@lists.php.net>; Mon, 03 Feb 2014 02:21:12 -0500
Received: by mail-la0-f49.google.com with SMTP id y1so5011371lam.22
        for <internals@lists.php.net>; Sun, 02 Feb 2014 23:21:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-type;
        bh=b6xJy/4SdLCanjERL2JdNGeE3423yrvp3bnxOC/gVRI=;
        b=mhVDDsSI9ZIImJ+EqfBCpdjzr/tfcxv1+N7HKuHQOAU8k/ZrmvlNDWJJpUaigBdd81
         TBknC/pixkLzNmiSFm435DTPqdq15XTENK+r//50NMP5gqjiw8/NBNRl7vlC8i+zaS8X
         5qgFRcBuTPCzthjQ0KgjhkGMHnStXtnM4PntNK5/VMQFed8KGk024S6Wq3Q0zuyqiDH0
         JWqvpFXGP31X+rgcSw0DFEJLJ0XaU94BKWBmJ4CndM8BR/Orcp9sn4WmHidudQaFr9ik
         n8NicoeB4vwkrXOxKkoEOmMiMYYID1Fh8KEcpOa8vBUq5w+vUsAqAXLoxg14V887W3HV
         0yKQ==
X-Received: by 10.112.142.230 with SMTP id rz6mr17440019lbb.0.1391412067282;
 Sun, 02 Feb 2014 23:21:07 -0800 (PST)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.112.199.37 with HTTP; Sun, 2 Feb 2014 23:20:27 -0800 (PST)
In-Reply-To: <CAEZPtU44pbx+4juoMdN1MjP_Ng3KnnJ_oLM9Ke6MNbXTTxHktA@mail.gmail.com>
References: <CAGa2bXbq1ttBz+hSk20-CkKWvDdHr5+8bBmc04Q22i7K2VSs+A@mail.gmail.com>
 <52EDF552.4010208@divbyzero.net> <CAGa2bXYJRUP58x_XSHgXBy0L0Yiprw=UP-suspWtVqkvYHKC2g@mail.gmail.com>
 <CAHMUw2FQ9vHtROk9NZf8Kwd7O2V3Z1uodu29NZOfDAp0B8M+yQ@mail.gmail.com>
 <CAGa2bXaE5f=nY7mOxcB4ZMjronY6j8bA1n+DcOOR+zXnLR_cng@mail.gmail.com>
 <CAHMUw2Eg513-+=BCDywYbZg8B6=Zz9hr=wk3+Fs-8OHfR-=+4A@mail.gmail.com> <CAEZPtU44pbx+4juoMdN1MjP_Ng3KnnJ_oLM9Ke6MNbXTTxHktA@mail.gmail.com>
Date: Mon, 3 Feb 2014 16:20:27 +0900
X-Google-Sender-Auth: Bfh-kFKLGbyDC0xjDB6kSBVTYIo
Message-ID: <CAGa2bXZ6_fb=HA-Q18YpOqeQNwUZyjo+qW3T8knLs1zs29PuEw@mail.gmail.com>
To: Pierre Joye <pierre.php@gmail.com>
Cc: Tjerk Meesters <tjerk.meesters@gmail.com>, Martin Jansen <martin@divbyzero.net>, 
	"internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=089e011832b201b5ab04f17b5e75
Subject: Re: [PHP-DEV] Extending uniqid() or not?
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--089e011832b201b5ab04f17b5e75
Content-Type: text/plain; charset=UTF-8

Hi all,

On Mon, Feb 3, 2014 at 3:25 PM, Pierre Joye <pierre.php@gmail.com> wrote:

> On Mon, Feb 3, 2014 at 5:59 AM, Tjerk Meesters <tjerk.meesters@gmail.com>
> wrote:
> > On Mon, Feb 3, 2014 at 9:13 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:
> >
> >> Hi Tjerk,
> >>
> >> On Mon, Feb 3, 2014 at 8:55 AM, Tjerk Meesters <
> tjerk.meesters@gmail.com>wrote:
> >>
> >>> I think it would be good enough to have only uuid v4:
> >>>
> >>> function uuidv4()
> >>> {
> >>>     $data = openssl_random_pseudo_bytes(16); // or whatever
> >>>
> >>>     $data[6] = chr(ord($data[6]) & 0x0f | 0x40); // set version to 0010
> >>>     $data[8] = chr(ord($data[8]) & 0x3f | 0x80); // set bits 6-7 to 10
> >>>
> >>>     return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data),
> 4));
> >>> }
> >>>
> >>> It's really just a representation of random data, whereby 6 bits are
> used
> >>> for the actual format.
> >>>
> >>
> >> I agree.
> >> UUID v4 simply generate random ID and it is good for many purposes.
> >>
> >> My concern is portability. OpenSSL(or Mcrypt) is provided as module.
> >> Users tends not to use module functions whenever possible. To address
> >> this issue, OpenSSL could be a module compiled by default.
> >>
> >
> > You could simply choose between `php_win32_get_random_bytes()` (Windows)
> or
> > reading directly from `/dev/xrandom`. Ultimately you have to be prepared
> to
> > supplement the data (partially or fully) with calls to `php_rand()`.
>
> I cannot agree more, except for the php_rand part, we should avoid it.
> Both are more than enough for this purpose. As I wrote earlier, it is
> not necessary to have crypto safe RNGs for uuid generations,
> definitively not. It would be good not to suddenly overreact for
> something that should be better documented :)


I think use of RAND is bad idea for creating IVs.
I added E_NOTICE for it.

https://github.com/php/php-src/pull/579/files

E_WARNING might be better.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--089e011832b201b5ab04f17b5e75--