Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:95858
Return-Path: <fsb@thefsb.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 42826 invoked from network); 9 Sep 2016 12:58:37 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 9 Sep 2016 12:58:37 -0000
Authentication-Results: pb1.pair.com smtp.mail=fsb@thefsb.org; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=fsb@thefsb.org; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain thefsb.org designates 108.166.43.107 as permitted sender)
X-PHP-List-Original-Sender: fsb@thefsb.org
X-Host-Fingerprint: 108.166.43.107 smtp107.ord1c.emailsrvr.com  
Received: from [108.166.43.107] ([108.166.43.107:52256] helo=smtp107.ord1c.emailsrvr.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 8B/68-61313-AF1B2D75 for <internals@lists.php.net>; Fri, 09 Sep 2016 08:58:36 -0400
Received: from smtp22.relay.ord1c.emailsrvr.com (localhost [127.0.0.1])
	by smtp22.relay.ord1c.emailsrvr.com (SMTP Server) with ESMTP id 6301EE01D9;
	Fri,  9 Sep 2016 08:58:32 -0400 (EDT)
X-Auth-ID: fsb@thefsb.org
Received: by smtp22.relay.ord1c.emailsrvr.com (Authenticated sender: fsb-AT-thefsb.org) with ESMTPSA id 32AAEE018D;
	Fri,  9 Sep 2016 08:58:32 -0400 (EDT)
X-Sender-Id: fsb@thefsb.org
Received: from yossy.local (c-66-30-62-12.hsd1.ma.comcast.net [66.30.62.12])
	(using TLSv1.2 with cipher DHE-RSA-AES128-SHA)
	by 0.0.0.0:587 (trex/5.7.7);
	Fri, 09 Sep 2016 08:58:32 -0400
To: Arvids Godjuks <arvids.godjuks@gmail.com>
References: <CAGa2bXaM8q0mwhkz+XL6jbBaVLHDZ_-Jfj0aOPUq+te=fV=wow@mail.gmail.com>
 <CANUQDCgcmLozTs4xcTTXfqd_UZC9oEKubmr_iZfYLwBcg3sxfQ@mail.gmail.com>
 <CAGa2bXb-ZD9ea+o4xqqsFtQJw7iM0Pzq1XTgof_2UPSTaY2PSg@mail.gmail.com>
 <CAL0xaBE-HzFz+rbzBJ_bEM1fuCKjcQ1K5yAokQra+CFMP_8x3w@mail.gmail.com>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Message-ID: <e9986152-69cb-68e8-a593-cfa2736526c4@thefsb.org>
Date: Fri, 9 Sep 2016 08:58:26 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0)
 Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <CAL0xaBE-HzFz+rbzBJ_bEM1fuCKjcQ1K5yAokQra+CFMP_8x3w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [RFC] Make uniqid() more unique
From: fsb@thefsb.org (Tom Worster)

On 9/9/16 4:36 AM, Arvids Godjuks wrote:

> It's also useful in other cases, where using a full blown true random
> source is just overkill.

Users should not hesitate to use random_bytes() or php_random_bytes() or 
any of the functions that use them.


> For example, my recent usage was to use the result of uniqid('', true) as a
> few parameters in URL's instead of plain numeric ID. Client just wanted to
> users can't do a +1 and see someone else's result page that might have a
> different text or a different campaign even. And I do need to generate
> those id's in bursts - 200 to 600 id's in a single action, I would imagine
> generating 600 random strings of ~20 char length can be hard on the source
> of the randomness, may even deplete it.

It is not possible to deplete this source of randomness.


> And I expect the numbers to grow.
> So, deprecating it I think is really an overreaction. It's a handy tool. It
> can be used to generate filenames too, and a lot of other stuff.
>
> My thoughts are - improve it. Yes, the standard uniqid() is a bit too
> short, I have never used it without the second "true" parameter and that
> dot in the middle of the string is annoying - I had to strip it out every
> use case I had.