Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:96438 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 41595 invoked from network); 18 Oct 2016 16:43:54 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 Oct 2016 16:43:54 -0000 Authentication-Results: pb1.pair.com header.from=kalle.php@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=kalle.php@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.214.65 as permitted sender) X-PHP-List-Original-Sender: kalle.php@gmail.com X-Host-Fingerprint: 209.85.214.65 mail-it0-f65.google.com Received: from [209.85.214.65] ([209.85.214.65:33711] helo=mail-it0-f65.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id D6/D0-40890-84156085 for ; Tue, 18 Oct 2016 12:43:53 -0400 Received: by mail-it0-f65.google.com with SMTP id k64so187142itb.0 for ; Tue, 18 Oct 2016 09:43:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-transfer-encoding; bh=lI4k8u5yPDCAqbpoqwGU2EPosVFt/a8U94Gt+EG8sZI=; b=FuM0nSbuNZv0Bt8MrLg8wlLG4SuljUM5CQ0X/Tha9U4jIbNC1fwV7+hOQqmJxkocnb p29UuIqfP2zQCHinhMGklTK3TI8vRfCNQtpW/rMj2zJTST4ZE9AGu3NWJpf0DzeYU8Ta CdOxTIVMVNGbz7yIlbKmbZo8i2crcUaMlnFXq2coa57RYS2+aezaswPzSQp5A0W1yQsB 90GNTNkFiHoNxSDrfeyjPxzCRM4C/0ddjLDrh56lt3+wZifChWLADUX/1sZtEe5QZ5SU 1sHx+u2oILjAIazmrv4udBPrQOgnBJsmMbKxRtHbL48k9L/Df38jqNJYUgXFqMb6Rgtu VlAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-transfer-encoding; bh=lI4k8u5yPDCAqbpoqwGU2EPosVFt/a8U94Gt+EG8sZI=; b=X0SUogMKOSWMJtKRQ9eyzHAmk3JCfoVkMgO12KlTIf3VOb6ZSXdgHAtMNJzSNNTDJl Qigu2N6uJFJ1VIT+hlBNeD/BEhYcFXSBKht4SGuDS8tgxhp3qQfbyJq3gpseCVdvb96C 1YHaR/fKTUwqLLdtOithS4DmqRr3AKSCcqlH0+I2BE2J/ht5+elcOZvkAOvVYfeyuxUJ KqqaWhv1owPbWt8KdFrlmSwAdtpPERcTCOxRfp3jGWFmmeaJO1cQPnCq+UcNJ6GksLsD rAS849O7gKK1lZP+KDs1VubEBIQnhSomObyMK/SIYWmCmahvuyAwOQKlTM/Fm+zxE7R0 sjkA== X-Gm-Message-State: AA6/9RlWJKAkAwp9aYBZF6ZG+GbUSf3vO9UqY90VEdZCQBz9M7bcrZ3FXnG0ko4Z/jUVQvMF+wS761K0pQAy/w== X-Received: by 10.36.44.144 with SMTP id i138mr15339534iti.98.1476809029958; Tue, 18 Oct 2016 09:43:49 -0700 (PDT) MIME-Version: 1.0 Sender: kalle.php@gmail.com Received: by 10.107.19.233 with HTTP; Tue, 18 Oct 2016 09:43:49 -0700 (PDT) In-Reply-To: <070001d2295e$76b7d730$64278590$@belski.net> References: <070001d2295e$76b7d730$64278590$@belski.net> Date: Tue, 18 Oct 2016 18:43:49 +0200 X-Google-Sender-Auth: yUvjW8hd5BLw6UUwjXlLcyvqn24 Message-ID: To: Anatol Belski Cc: Yasuo Ohgaki , Joe Watkins , Niklas Keller , Leigh , PHP Internals Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness From: kalle@php.net (Kalle Sommer Nielsen) 2016-10-18 18:41 GMT+02:00 Anatol Belski : > AFM the patch is not acceptable for 7.0. It is true that some place was m= oved to the new random int functionality (in password AFAIR). But, it is do= ne at the place and the way that a BC breach is unlikely. Using the throwin= g variant is for sure a BC breach, but also the way pushing while being exp= licitly asked to go through an RFC, is inappropriate. As the new random_* f= unctions are available and allow to implement the best possible uniqueness = in user land, changing the algorithm of the existing uniqid() doesn't look = to have a valid base. I must add, despite not following the discussion entirely, that it should also be approved by the two 7.1 RMs to be committed, considering we are in RC4 stage at this point and I don't think we should just commit things this late without the RM consent to it. --=20 regards, Kalle Sommer Nielsen kalle@php.net