Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:96247 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 46656 invoked from network); 5 Oct 2016 10:25:00 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Oct 2016 10:25:00 -0000 Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender) X-PHP-List-Original-Sender: yohgaki@ohgaki.net X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp Received: from [180.42.98.130] ([180.42.98.130:46531] helo=es-i.jp) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id D2/02-23443-8F4D4F75 for ; Wed, 05 Oct 2016 06:24:58 -0400 Received: (qmail 69942 invoked by uid 89); 5 Oct 2016 10:24:53 -0000 Received: from unknown (HELO mail-qk0-f179.google.com) (yohgaki@ohgaki.net@209.85.220.179) by 0 with ESMTPA; 5 Oct 2016 10:24:53 -0000 Received: by mail-qk0-f179.google.com with SMTP id o68so73828848qkf.3 for ; Wed, 05 Oct 2016 03:24:53 -0700 (PDT) X-Gm-Message-State: AA6/9RmsS4P931+N53BcJ5DKHn/l5+Wp/ZhS+8tB9T5Qj+HvwgXP8FoUbHZhE9ESDmewhoZSKAvW3oZWfMT7DQ== X-Received: by 10.55.141.199 with SMTP id p190mr8711202qkd.185.1475663087208; Wed, 05 Oct 2016 03:24:47 -0700 (PDT) MIME-Version: 1.0 Received: by 10.140.84.168 with HTTP; Wed, 5 Oct 2016 03:24:06 -0700 (PDT) In-Reply-To: References: Date: Wed, 5 Oct 2016 19:24:06 +0900 X-Gmail-Original-Message-ID: Message-ID: To: Leigh Cc: "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness From: yohgaki@ohgaki.net (Yasuo Ohgaki) Hi Leigh, On Wed, Oct 5, 2016 at 5:25 PM, Leigh wrote: > The list was missed off of Yasuo's replies to me, replying including the > list Me too :) > > On Wed, 5 Oct 2016 at 01:07 Yasuo Ohgaki wrote: >> >> Hi Leigh, >> >> On Tue, Oct 4, 2016 at 7:06 PM, Leigh wrote: >> > Since we want to preserve BC >> > >> > entropy = random_int(0, 99999999); >> > uniqid = strpprintf(0, "%s%08x%05x.%08d", prefix, sec, usec, entropy); >> >> Current entropy is _double_ from php_combined_lcg() and has 10 chars >> length, >> has [0-9].[0-9]{8} format. >> >> "F"->"d" does not work. It should be something like >> >> entropy = (double) random_int(0, 9999999999); > > > No it shouldn't. Don't do this. It is an unnecessary conversion. The fact > the lcg returns a double is irrelevant. What is relevant is the 8 digits in > order to maintain BC. The 8 digits you receive from random_int will still be > higher quality than the 10 you get from the lcg rounded to 8 places. > >> >> uniqid = strpprintf(0, "%s%08x%05x.%08F", prefix, sec, usec, >> entropy/100000000); There is misunderstanding for the format. The patch is made to be fully compatible with current output. php_combined_lcg() produces value between 1 and 0. It is multiplied by 10, and 8 decimal numbers are used, so additional entropy is something like 1.23456789 (10 chars) [yohgaki@dev ~]$ php -v PHP 5.6.26 (cli) (built: Sep 16 2016 04:36:41) Copyright (c) 1997-2016 The PHP Group Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies [yohgaki@dev ~]$ php -r 'var_dump(uniqid(), uniqid("", true));' string(13) "57f4ce3df2ea5" string(23) "57f4ce3df2ea81.98781982" Current uniqid('', true) adds 1 int char + '.' + 8 decimal char. Tricky format string, but this is what it does. If we would like to avoid int to double conversion, we may call php_random_int() twice. Not sure if it's worth or not, though. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net