Newsgroups: php.internals
Xref: news.php.net php.internals:95822
From: me@kelunik.com (Niklas Keller)
To: Yasuo Ohgaki
Cc: "internals@lists.php.net"
Date: Fri, 9 Sep 2016 09:40:40 +0200
Subject: Re: [PHP-DEV] [RFC] Make uniqid() more unique

2016-09-09 7:12 GMT+02:00 Yasuo Ohgaki:

> Hi all,
>
> We all know, uniqid() is not unique at all and not safe as random ID
> at all. This would be one of the most misused functions because of its
> name.
>
> https://github.com/php/php-src/blob/master/ext/standard/uniqid.c#L44
>
> Bug report for this
> https://bugs.php.net/bug.php?id=55391
>
> I would like to
> - Enable more entropy parameter on by default
> - Add 256 bits random value (64 chars by HEX) from
>   php_random_bytes() instead of 1 char from php_combined_lcg()
>
> If all of us think "just fix it", then I'll just fix this in master w/o
> RFC.

I think it's better to leave it as is and deprecate and discourage its use.
There's already a big warning there. Dunno whether there are really valid
use cases for it.

Regards, Niklas
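
The concern raised in the thread, shown as an added example that is not part of the original message or of php-src: it decodes two default uniqid() values back into the clock readings they are built from and prints them beside 256-bit values from random_bytes(), the userland counterpart of the php_random_bytes() call named in the proposal. The helper names decode_uniqid() and random_id() are hypothetical, and the 8+5 hex digit seconds/microseconds layout is an assumption about the default output format.

```php
<?php
// Added example, not php-src code. Assumes the default uniqid() layout:
// 8 hex digits of Unix seconds followed by 5 hex digits of microseconds.

/** Recover the clock reading encoded in a default uniqid() value. */
function decode_uniqid(string $id): array
{
    if (!preg_match('/^[0-9a-f]{13}$/', $id)) {
        throw new InvalidArgumentException('not a default uniqid() value');
    }
    return [
        'sec'  => (int) hexdec(substr($id, 0, 8)),
        'usec' => (int) hexdec(substr($id, 8, 5)),
    ];
}

/** 256 bits from the CSPRNG as 64 hex characters (hypothetical helper). */
function random_id(): string
{
    return bin2hex(random_bytes(32));
}

$a = uniqid();
$b = uniqid();
$ta = decode_uniqid($a);
$tb = decode_uniqid($b);

// Microseconds between the two calls: the only thing separating the IDs.
$delta = ($tb['sec'] - $ta['sec']) * 1000000 + ($tb['usec'] - $ta['usec']);

printf("uniqid() #1: %s -> %s.%06d UTC\n", $a, gmdate('Y-m-d H:i:s', $ta['sec']), $ta['usec']);
printf("uniqid() #2: %s -> %s.%06d UTC\n", $b, gmdate('Y-m-d H:i:s', $tb['sec']), $tb['usec']);
printf("difference:  %d microseconds\n", $delta);

// Two CSPRNG values share no structure and carry no timestamp.
printf("random_id(): %s\n", random_id());
printf("random_id(): %s\n", random_id());
```

Code that needs an unguessable identifier (session IDs, reset tokens, CSRF tokens) should take it from random_bytes() or random_int(), not from uniqid().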