Newsgroups: php.internals
Date: Mon, 12 Sep 2016 15:56:28 +0900
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: Kazuo Oishi
Cc: "internals@lists.php.net"
Subject: Re: [PHP-DEV] [RFC][DISCUSSION] Improve uniqid() uniqueness
In-Reply-To: <878tuxenl4.fsf@lil.giraffy.jp>

Hi Kazuo,

On Mon, Sep 12, 2016 at 1:41 PM,
Kazuo Oishi wrote:
>
>> This is RFC for improving uniqid() uniqueness.
>> https://wiki.php.net/rfc/uniqid
>>
>> PR
>> https://github.com/php/php-src/pull/2123
>>
>> If there is anything left to discuss, please comment.
>
> I think uniqid() should not be changed in BC break way, it should be
> left as is.
>
> You said,
>
>>> Almost all uniqid() usages do not care about return value chars nor
>>> length. Therefore, BC will be minimum.
>>>
>>> https://searchcode.com/?q=uniqid&loc=0&loc2=10000&lan=24
>
> but you may be underestimating.
>
> I found that some code saved output of uniqid() without more_entropy to
> DB, in the search results. Output length change may cause problem in
> such case. And you are not supposed to forget that most of php codes
> are not open source and not opened to the public.
>
> In addition, you should hear "I expect the numbers to grow" about output
> of uniqid(), as reply to you.

I know some code breaks, but it's not many. It's not fatal BC also.
IMHO, uniqid() should try to generate uniqid() possible. uniqid() does
produce non-unique ID because it is system time based. This change
mitigates impact of misuse also which is common in both open and closed
codes.

Which is important?

 - Fix known issues and generate unique ID (as much as possible)
 - Let it generate non-unique ID and ignore for some code may complain.

Fixing is my priority.

Smart developers use mt_rand() to improve uniqueness, but such tweak
shouldn't be needed in the first place as uniqid() should generate
unique ID.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
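
As an added illustration (not part of the original message or of the RFC's patch), the PHP sketch below decodes the 13-character value uniqid() returns without more_entropy into the clock reading it is built from, shows that two equal clock readings give the same ID, and builds a same-length ID from random_bytes() instead. The helper names decode_uniqid(), id_from_clock() and random_id() are hypothetical, and the clock values are constructed.

```php
<?php
// Added example; all three helper names are hypothetical.

// uniqid() without a prefix or more_entropy is 8 hex digits of seconds
// followed by 5 hex digits of microseconds, both read from the system clock.
function decode_uniqid(string $id): array
{
    if (!preg_match('/\A[0-9a-f]{13}\z/', $id)) {
        throw new InvalidArgumentException('not a 13-char uniqid() value');
    }
    return [
        'sec'  => hexdec(substr($id, 0, 8)),
        'usec' => hexdec(substr($id, 8, 5)),
    ];
}

// Rebuilds the same layout from an explicit clock reading, so the effect of
// two processes seeing the same microsecond can be shown deterministically.
function id_from_clock(int $sec, int $usec): string
{
    return sprintf('%08x%05x', $sec, $usec);
}

// Same-length hex ID taken from the CSPRNG (PHP 7+); it does not depend on
// the clock, and the default length keeps 13-char storage columns working.
function random_id(int $hexLen = 13): string
{
    if ($hexLen < 1) {
        throw new InvalidArgumentException('length must be positive');
    }
    return substr(bin2hex(random_bytes(intdiv($hexLen + 1, 2))), 0, $hexLen);
}

$id = uniqid();
$t  = decode_uniqid($id);
printf("uniqid()   %s = %s +%d usec\n", $id, gmdate('c', $t['sec']), $t['usec']);

// Constructed clock reading shared by two hypothetical worker processes.
$sec = 1473663388; $usec = 123456;
$a = id_from_clock($sec, $usec);
$b = id_from_clock($sec, $usec);
printf("worker A   %s\nworker B   %s  collision: %s\n", $a, $b, $a === $b ? 'yes' : 'no');

$r1 = random_id();
$r2 = random_id();
printf("random_id  %s\nrandom_id  %s  same length as uniqid(): %s\n",
    $r1, $r2, strlen($r1) === strlen($id) ? 'yes' : 'no');
```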