Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:95963
Return-Path: <yohgaki@ohgaki.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 75865 invoked from network); 13 Sep 2016 01:08:18 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 13 Sep 2016 01:08:18 -0000
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@ohgaki.net
X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp  
Received: from [180.42.98.130] ([180.42.98.130:38777] helo=es-i.jp)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 75/72-60695-F7157D75 for <internals@lists.php.net>; Mon, 12 Sep 2016 21:08:17 -0400
Received: (qmail 85366 invoked by uid 89); 13 Sep 2016 01:08:12 -0000
Received: from unknown (HELO mail-qk0-f173.google.com) (yohgaki@ohgaki.net@209.85.220.173)
  by 0 with ESMTPA; 13 Sep 2016 01:08:12 -0000
Received: by mail-qk0-f173.google.com with SMTP id w204so161090328qka.0
        for <internals@lists.php.net>; Mon, 12 Sep 2016 18:08:11 -0700 (PDT)
X-Gm-Message-State: AE9vXwPWbziV2z6DTLlw4wUuiziTueBNi0Ld4RUQIRMOi60FK0lNGGxePRDCfrCIiVjy2MG37YyY6jDjsnvH/Q==
X-Received: by 10.55.166.81 with SMTP id p78mr22929130qke.18.1473728884616;
 Mon, 12 Sep 2016 18:08:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.84.168 with HTTP; Mon, 12 Sep 2016 18:07:24 -0700 (PDT)
In-Reply-To: <6370f3c9-0904-bac9-0f9e-e563e9af9843@gmail.com>
References: <CAGa2bXYg1kkoYGQNr8T2oTshuqrvweefYO+EdY41w1vwUM32iQ@mail.gmail.com>
 <878tuxenl4.fsf@lil.giraffy.jp> <CAGa2bXaTydTSZniX4dUA9h_FcNaymyqfDXQJO0zx1ZDfLmvWdg@mail.gmail.com>
 <87twdlcs2j.fsf@lil.giraffy.jp> <CAGa2bXaziNMtNAgsJgX-BCgLL9z2WkoSaP8aNVrAgwo9MJ4WEQ@mail.gmail.com>
 <6370f3c9-0904-bac9-0f9e-e563e9af9843@gmail.com>
Date: Tue, 13 Sep 2016 10:07:24 +0900
X-Gmail-Original-Message-ID: <CAGa2bXaHagrquNw063jeJUX=vnnyOugMps881tbRgRaMJ2Ef-w@mail.gmail.com>
Message-ID: <CAGa2bXaHagrquNw063jeJUX=vnnyOugMps881tbRgRaMJ2Ef-w@mail.gmail.com>
To: Rowan Collins <rowan.collins@gmail.com>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] [RFC][DISCUSSION] Improve uniqid() uniqueness
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi Rowan,

On Mon, Sep 12, 2016 at 10:47 PM, Rowan Collins <rowan.collins@gmail.com> wrote:
>
> uniqid() has never been, and is not claimed to be, guaranteed unique to any
> particular standard.

Right. We need to improve documentation. It only has crypt related
usage warning now.

> On 12/09/2016 13:08, Yasuo Ohgaki wrote:
>>
>> Since we have to change "more entropy" to TRUE by default
>
>
> Is your intention that the version without "more entropy" be deprecated, and
> at some point the option removed? Or do you just want to increase the
> visibility of this option by enabling it by default?

I don't think we should remove "more entropy" option now, but it may
be preferred.

Currently, I'm proposing "more entropy" by default and use of better
entropy source.

>
> In other words, do you consider the function to be broken / useless if this
> option is not set to true? Or do you think users don't understand when to
> use it and when not?

It's useful. It's works as serial ID in most cases.

Apparently, some users don't understand what is does. Some of them are
fatal misusages.

>
>> why not use much better entropy? php_combined_lcg() is legacy entropy
>> generator
>> _must not_ be used now. New code's entropy is more than a million
>> times better for the same length. 50 bits entropy is far less enough for
>> crypt safety, though.
>
>
> What costs and benefits will users see of changing the entropy generator?
> Does it make uniqid() collisions less likely, and if so what kind of
> probability are we talking about? Does it have a speed or memory cost (over
> the existing more_entropy version, i.e. ignoring sleep)?

I pasted simple benchmark to the PR.
New code uses about 2x cpu time on my Fedora 24. CSPRNG uses more complex
code than php_combined_lcg(), so this is expected.

> Even if we accept a) that the default parameters should be changed, and b)
> that the source for "more entropy" should be changed, I'm not clear why the
> output format also needs to change. Is there some reason the output of
> php_random_bytes() can't be encoded into decimal digits, rather than [0-v]?

If I encode php_random_bytes() to the same length of digits, it does
not increase entropy space. It remains about a million (a little less
than 10 bits).  It's too small for current baseline.

Proposed code has 50 bits entropy. Besides php_combined_lcg() is based
on system time. Therefore, it is extremely poor entropy source for
uniqid() which generates timestamp string. It's more than a million
times better entropy than now. Since uniqid() has  timestamp string
prefix, collision is unlikely and very close to 0, it's much more
reliable than now.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net