Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:96432
Return-Path: <yohgaki@ohgaki.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 22075 invoked from network); 18 Oct 2016 12:13:08 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 18 Oct 2016 12:13:08 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@ohgaki.net
X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp  
Received: from [180.42.98.130] ([180.42.98.130:40703] helo=es-i.jp)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 86/DD-40890-2D116085 for <internals@lists.php.net>; Tue, 18 Oct 2016 08:13:08 -0400
Received: (qmail 91339 invoked by uid 89); 18 Oct 2016 12:13:02 -0000
Received: from unknown (HELO mail-qt0-f173.google.com) (yohgaki@ohgaki.net@209.85.216.173)
  by 0 with ESMTPA; 18 Oct 2016 12:13:02 -0000
Received: by mail-qt0-f173.google.com with SMTP id f6so155625170qtd.2
        for <internals@lists.php.net>; Tue, 18 Oct 2016 05:13:02 -0700 (PDT)
X-Gm-Message-State: AA6/9Rkvq5YGQAwubvVQ56DQ1xkBn2ix23/f5CYCpgLEbQFg0gmv7KiARk1ChtPGO64nCxbi7RNimgg3u7h5eQ==
X-Received: by 10.200.50.157 with SMTP id z29mr107354qta.11.1476792776354;
 Tue, 18 Oct 2016 05:12:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.84.168 with HTTP; Tue, 18 Oct 2016 05:12:15 -0700 (PDT)
In-Reply-To: <CANUQDCh=yK38sbjYHQQJD_uLrMfjmHa9nWz+tEjS4RjiDN1W=Q@mail.gmail.com>
References: <CAGa2bXYg1kkoYGQNr8T2oTshuqrvweefYO+EdY41w1vwUM32iQ@mail.gmail.com>
 <CAGa2bXZLB6SsC3FQyntaDy93YfG5rDigJH6GpC5dF7MZJuJ=LQ@mail.gmail.com>
 <CAGa2bXaM_rSbmSx_bPE4erG6ok1KLdXSqnJP5ngxUNBsrzu0pw@mail.gmail.com>
 <CAPwsocHhsm9Zrh=rpF=Pbct6t5wKfAa-wirGfGjmxV8pi4nttw@mail.gmail.com>
 <CAGa2bXaMMaZn1GyrnT6Bgz3xCMDkFs+YNwHoNZe_1ge5LjLPDg@mail.gmail.com>
 <CAPwsocHXhpQNCYXVN0DHj77M0cA3eAgKuStOPquNUjx=46W1Mw@mail.gmail.com>
 <CAGa2bXaEyd+Qcc7EAQwTEVJY-zD_cK37AYXfM_534YesBG0xOA@mail.gmail.com>
 <CAPwsocHqbeYw=2S6EZG+5zUEWMSM5V2OoG9uLO05sbQffJ1GPw@mail.gmail.com>
 <CAGa2bXZGWFW1gXx4uuAehw0MGADWPMXVuD7wsSJuAQ6f6HJv6A@mail.gmail.com>
 <CAGa2bXZ1wGO_x4z5agJ0+uWX4xfuOYX1or4KziwbMa9v_+-JxA@mail.gmail.com>
 <CANUQDCh9RSnOs__c4crYsH44z0L-mHkTTCgAn-d1bSgH09yL0w@mail.gmail.com>
 <CAGa2bXbDR4EnSU0UUMQR4OGaEAJGPkf7s9M+56CyCPvJ=XSbUQ@mail.gmail.com>
 <CANUQDChPsJHZ73=ke_yo+Pbu2B8rRcFrUYZWJiD5TrwECY4hEA@mail.gmail.com>
 <CAGa2bXZ98ZKER2hRp=2pvTYGVLGXFzkdefFfoERojgQvarHUBw@mail.gmail.com>
 <CAL=_i_kCOqvf-8WVOogNDFvkGiTdD8pdT1PC8oVpsYd5BHg=2g@mail.gmail.com>
 <CAGa2bXZWj21vNVaoWHwUYxp_Zw0_eR4sSwReUC4qBn_6oqEJmg@mail.gmail.com>
 <CAGa2bXbcWQm_AXeSxB-BSRjwYD1de8NKvD+6-J+6q5Ru3HmRVg@mail.gmail.com> <CANUQDCh=yK38sbjYHQQJD_uLrMfjmHa9nWz+tEjS4RjiDN1W=Q@mail.gmail.com>
Date: Tue, 18 Oct 2016 21:12:15 +0900
X-Gmail-Original-Message-ID: <CAGa2bXbmZTsTFFE-rh5=Uh=Gq_FHhdCM9eFb0XrVySQGs=2R=A@mail.gmail.com>
Message-ID: <CAGa2bXbmZTsTFFE-rh5=Uh=Gq_FHhdCM9eFb0XrVySQGs=2R=A@mail.gmail.com>
To: Niklas Keller <me@kelunik.com>
Cc: Joe Watkins <pthreads@pthreads.org>, Leigh <leight@gmail.com>, 
	PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi Niklas,

On Tue, Oct 18, 2016 at 9:08 PM, Niklas Keller <me@kelunik.com> wrote:
>>
>> As you can see from last minutes discussion.
>>
>> "/dev/urandom cannot be read" is FUD.
>> It's pure bug fix. (I intentionally made patch easy to extend used
>> chars, though)
>>
>> Would you consider revert the revert?
>
>
> This discussion shows there should be a RFC and a vote. I'd not consider
> this a simple bug fix, after all it doesn't really fix it.
>
> If we want to fix it in core, we'd better include an UUID generation
> mechanism than fixing uniq_id.

UUID like uniqueness is not the subject of uniqid(), isn't it?

As I wrote, it's simple bug fix.
---------------
The patch committed is pure bug fix.

uniqid() is simply _broken_ because it does not provide expected uniqueness due
to timestamp based php_combined_lcg(). (I added large warning to the manual
recently, though)

unique id (time stamp) + entropy (timestamp based entropy)

Who argue result is reasonably unique?
Who don't use NTP to adjust system time?
---------------

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net