Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:95852
Return-Path: <yohgaki@ohgaki.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 29756 invoked from network); 9 Sep 2016 11:49:39 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 9 Sep 2016 11:49:39 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@ohgaki.net
X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp  
Received: from [180.42.98.130] ([180.42.98.130:60727] helo=es-i.jp)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 41/F5-61313-0D1A2D75 for <internals@lists.php.net>; Fri, 09 Sep 2016 07:49:39 -0400
Received: (qmail 107512 invoked by uid 89); 9 Sep 2016 11:49:33 -0000
Received: from unknown (HELO mail-qk0-f182.google.com) (yohgaki@ohgaki.net@209.85.220.182)
  by 0 with ESMTPA; 9 Sep 2016 11:49:33 -0000
Received: by mail-qk0-f182.google.com with SMTP id v123so78684098qkh.2
        for <internals@lists.php.net>; Fri, 09 Sep 2016 04:49:32 -0700 (PDT)
X-Gm-Message-State: AE9vXwNaXhzSKNCkdaNjIdZDE0/Or07w5nV+5OqOMF8emGexQ1T4h49NPGDYwHNCvuy4LDp5QyoyssO0pZj3Ig==
X-Received: by 10.55.184.198 with SMTP id i189mr3169482qkf.96.1473421766962;
 Fri, 09 Sep 2016 04:49:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.84.168 with HTTP; Fri, 9 Sep 2016 04:48:46 -0700 (PDT)
In-Reply-To: <CAL0xaBGf=iTNTU51p2XniX84REykwg-D8v0VWxkSKAvnYdmZCA@mail.gmail.com>
References: <CAGa2bXaM8q0mwhkz+XL6jbBaVLHDZ_-Jfj0aOPUq+te=fV=wow@mail.gmail.com>
 <CANUQDCgcmLozTs4xcTTXfqd_UZC9oEKubmr_iZfYLwBcg3sxfQ@mail.gmail.com>
 <CAGa2bXb-ZD9ea+o4xqqsFtQJw7iM0Pzq1XTgof_2UPSTaY2PSg@mail.gmail.com>
 <CAL0xaBE-HzFz+rbzBJ_bEM1fuCKjcQ1K5yAokQra+CFMP_8x3w@mail.gmail.com>
 <CANUQDCgFzzCNCihP7DnsZRv8k7WkOT7htB_tKpoSp1wqpizmCQ@mail.gmail.com> <CAL0xaBGf=iTNTU51p2XniX84REykwg-D8v0VWxkSKAvnYdmZCA@mail.gmail.com>
Date: Fri, 9 Sep 2016 20:48:46 +0900
X-Gmail-Original-Message-ID: <CAGa2bXas59za=AunyQLqnF6jJkrGfPcS2q4jhq7CO1J0Jt8Qhg@mail.gmail.com>
Message-ID: <CAGa2bXas59za=AunyQLqnF6jJkrGfPcS2q4jhq7CO1J0Jt8Qhg@mail.gmail.com>
To: Arvids Godjuks <arvids.godjuks@gmail.com>
Cc: Niklas Keller <me@kelunik.com>, "internals@lists.php.net" <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] [RFC] Make uniqid() more unique
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi all,

On Fri, Sep 9, 2016 at 8:18 PM, Arvids Godjuks <arvids.godjuks@gmail.com> wrote:
>
> Hm, without "true" you get 13 chars, with "true" - 20+.

Sorry. It's

$ php -r 'var_dump(uniqid(), uniqid("", true));'
string(13) "57d29c20c04c3"
string(23) "57d29c20c04c50.55225401"

I misread sprintf format.

Anyway, we may use extra 10 chars to make it more random if it should
keep compatibility. It seems uniqid() is popular for test scripts, so
it would be preferred keeping it. It does not harm any with test
script thanks to higher precision timers of current systems.

Some of us feel returning almost random value from uniqid() is
overkill. This is reasonable. I'll prepare patch that uses 10 chars
for 50 bits extra entropy from php_random_bytes() by default. It will
be a little safer even when user misuses uniqid() while keeping
most compatibility.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net