Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:97550 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 17952 invoked from network); 7 Jan 2017 01:16:02 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Jan 2017 01:16:02 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender) X-PHP-List-Original-Sender: yohgaki@ohgaki.net X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp Received: from [180.42.98.130] ([180.42.98.130:48046] helo=es-i.jp) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id F4/ED-23307-F4140785 for ; Fri, 06 Jan 2017 20:16:01 -0500 Received: (qmail 42173 invoked by uid 89); 7 Jan 2017 01:15:56 -0000 Received: from unknown (HELO mail-wm0-f53.google.com) (yohgaki@ohgaki.net@74.125.82.53) by 0 with ESMTPA; 7 Jan 2017 01:15:56 -0000 Received: by mail-wm0-f53.google.com with SMTP id t79so51830029wmt.0 for ; Fri, 06 Jan 2017 17:15:56 -0800 (PST) X-Gm-Message-State: AIkVDXIN5nW4dvvfYZCcks06wYipwq2atSMKboz1zOaygWHuJkGEB5jLuaYFmbuaZ7ZebHs6Uv7+lmD3u+7nGw== X-Received: by 10.223.164.130 with SMTP id g2mr3124794wrb.84.1483751750062; Fri, 06 Jan 2017 17:15:50 -0800 (PST) MIME-Version: 1.0 Received: by 10.195.12.8 with HTTP; Fri, 6 Jan 2017 17:15:09 -0800 (PST) In-Reply-To: <7500b0c6a50baf49beac70ae01e8b50d@koti.fimnet.fi> References: <7500b0c6a50baf49beac70ae01e8b50d@koti.fimnet.fi> Date: Sat, 7 Jan 2017 10:15:09 +0900 X-Gmail-Original-Message-ID: Message-ID: To: =?UTF-8?Q?Lauri_Kentt=C3=A4?= Cc: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=f403045f24e0ff59ad054576df07 Subject: Re: [PHP-DEV] Use decent entropy for uniqid($prefix, TRUE) From: yohgaki@ohgaki.net (Yasuo Ohgaki) --f403045f24e0ff59ad054576df07 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Lauri, On Wed, Jan 4, 2017 at 4:56 AM, Lauri Kentt=C3=A4 = wrote: > On 2016-12-31 01:20, Yasuo Ohgaki wrote: > >> + zend_long rand; >> + php_random_int(1000000000, 9999999999, &rand, 1); >> + uniqid =3D strpprintf(0, "%s%08x%05x%.8F", prefix, sec, >> usec, (double)rand/10000000000); >> > > Your code is broken. It produces 0.10000000 - 0.99999999 when it should > produce 0.00000000 - 9.99999999. Also, you have integer overflow on 32-bi= t > systems. > > Why do you mess with oversized integers and doubles and at all? It would > be cleaner and simpler to use just regular 32-bit integers like this: > > + zend_long rand; > + php_random_int(0, 999999999, &rand, 1); > + uniqid =3D strpprintf(0, "%s%08x%05x%d.%08d", prefix, sec= , > usec, rand % 10, rand / 10); > > Also, your argument about PHPMailer has nothing to do with your main > complaint about lcg_value, since collisions of lcg_value are not the > problem there. > + php_random_int(1000000000, 9999999999, &rand, 1); This should be + php_random_int(0, 9999999999, &rand, 1); Anyway, I forgot about 32 bit systems. Thank you for catching this. My original patch is better, then, [yohgaki@dev PHP-master]$ git show 48f1a17886d874dc90867c669481804de90 commit 48f1a17886d874dc90867c669481804de90509e8 Author: Yasuo Ohgaki Date: Tue Oct 18 09:04:57 2016 +0900 Fix bug #47890 #73215 uniqid() should use better random source diff --git a/ext/standard/uniqid.c b/ext/standard/uniqid.c index f429e6d..207cf01 100644 --- a/ext/standard/uniqid.c +++ b/ext/standard/uniqid.c @@ -35,9 +35,11 @@ #include #endif -#include "php_lcg.h" +#include "php_random.h" #include "uniqid.h" +#define PHP_UNIQID_ENTROPY_LEN 10 + /* {{{ proto string uniqid([string prefix [, bool more_entropy]]) Generates a unique ID */ #ifdef HAVE_GETTIMEOFDAY @@ -77,7 +79,22 @@ PHP_FUNCTION(uniqid) * digits for usecs. */ if (more_entropy) { - uniqid =3D strpprintf(0, "%s%08x%05x%.8F", prefix, sec, use= c, php_combined_lcg() * 10); + int i; + unsigned char c, entropy[PHP_UNIQID_ENTROPY_LEN+1]; + + for(i =3D 0; i < PHP_UNIQID_ENTROPY_LEN;) { + php_random_bytes_throw(&c, sizeof(c)); + /* Avoid modulo bias */ + if (c > 249) { + continue; + } + entropy[i] =3D c % 10 + '0'; + i++; + } + /* Set . for compatibility */ + entropy[1] =3D '.'; + entropy[PHP_UNIQID_ENTROPY_LEN] =3D '\0'; + uniqid =3D strpprintf(0, "%s%08x%05x%s", prefix, sec, usec, entropy); } else { uniqid =3D strpprintf(0, "%s%08x%05x", prefix, sec, usec); } I'll revert the revert commit to master. > Why don't you put your effort into a more useful solution such as > random_string or something? > random_string(PHP_STRING_HEX_LOWER, 32) would produce md5-style output. > random_string(PHP_STRING_BASE64, 32) would produce a lot more entropy. > random_string("my_charset", 20) would cover the general case. > random_array([1,2,3], 20) could extend this to arbitrary arrays. > They are useful. I would like to have such functions, too. However, they don't fix uniqid() problem. i.e. They are out of scope of uniqid() improvement. As I mentioned, we should get rid of useless goccha like uniqid() is merely a system timestamp. i.e. more_entropy option should be enabled by default. Additionally, we may provide stronger entropy such as 128 bits random value. Do you think uniqid() is good function that we should keep as it is now, forever? I guess you do not. Why not improve it Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --f403045f24e0ff59ad054576df07--