Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:95923
Return-Path: <oishi@giraffy.jp>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 72917 invoked from network); 12 Sep 2016 04:42:14 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 12 Sep 2016 04:42:14 -0000
Authentication-Results: pb1.pair.com smtp.mail=oishi@giraffy.jp; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=kazuo@o-ishi.jp; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain giraffy.jp designates 49.212.134.110 as permitted sender)
X-PHP-List-Original-Sender: oishi@giraffy.jp
X-Host-Fingerprint: 49.212.134.110 www7096uf.sakura.ne.jp  
Received: from [49.212.134.110] ([49.212.134.110:52258] helo=xii.giraffy.jp)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 35/42-58405-12236D75 for <internals@lists.php.net>; Mon, 12 Sep 2016 00:42:11 -0400
Received: from localhost (localhost [127.0.0.1])
	by xii.giraffy.jp (Postfix) with ESMTP id 744067A8039;
	Mon, 12 Sep 2016 13:42:06 +0900 (JST)
X-Virus-Scanned: amavisd-new at giraffy.jp
Received: from xii.giraffy.jp ([127.0.0.1])
	by localhost (xii.giraffy.jp [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id mhLa44TjJQAg; Mon, 12 Sep 2016 13:42:00 +0900 (JST)
Received: from lil.giraffy.jp (aa024044.ppp.asahi-net.or.jp [110.5.24.44])
	by xii.giraffy.jp (Postfix) with ESMTPSA id 3534C7A5B01;
	Mon, 12 Sep 2016 13:42:00 +0900 (JST)
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
Cc: "internals\@lists.php.net" <internals@lists.php.net>
In-Reply-To: <CAGa2bXYg1kkoYGQNr8T2oTshuqrvweefYO+EdY41w1vwUM32iQ@mail.gmail.com>
	(Yasuo Ohgaki's message of "Mon, 12 Sep 2016 11:54:40 +0900")
References: <CAGa2bXYg1kkoYGQNr8T2oTshuqrvweefYO+EdY41w1vwUM32iQ@mail.gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
Date: Mon, 12 Sep 2016 13:41:59 +0900
Message-ID: <878tuxenl4.fsf@lil.giraffy.jp>
MIME-Version: 1.0
Content-Type: text/plain
Subject: Re: [PHP-DEV] [RFC][DISCUSSION] Improve uniqid() uniqueness
From: kazuo@o-ishi.jp (Kazuo Oishi)

Hi,

> This is RFC for improving uniqid() uniqueness.
> https://wiki.php.net/rfc/uniqid
>
> PR
> https://github.com/php/php-src/pull/2123
>
> If there is anything left to discuss, please comment.

I think uniqid() should not be changed in BC break way, it should be
left as is.

You said,

>> Almost all uniqid() usages do not care about return value chars nor
>> length. Therefore, BC will be minimum.
>>
>> https://searchcode.com/?q=uniqid&loc=0&loc2=10000&lan=24

but you may be underestimating.

I found that some code saved output of uniqid() without more_entropy to
DB, in the search results.  Output length change may cause problem in
such case.  And you are not supposed to forget that most of php codes
are not open source and not opened to the public.

In addition, you shoud hear "I expect the numbers to grow" about output
of uniqid(), as reply to you.

-- 
Kazuo Oishi