Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:97563
Return-Path: <me@kelunik.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 82453 invoked from network); 7 Jan 2017 19:08:09 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Jan 2017 19:08:09 -0000
Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.217 cause and error)
X-PHP-List-Original-Sender: me@kelunik.com
X-Host-Fingerprint: 81.169.146.217 mo4-p00-ob.smtp.rzone.de  
Received: from [81.169.146.217] ([81.169.146.217:16379] helo=mo4-p00-ob.smtp.rzone.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 29/86-37836-89C31785 for <internals@lists.php.net>; Sat, 07 Jan 2017 14:08:08 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1483816085;
	l=11488; s=domk; d=kelunik.com;
	h=Content-Type:Cc:To:Subject:Date:From:References:In-Reply-To:
	MIME-Version;
	bh=Igk7LWRF1aNVBm+5uOZ4UvDzZrYM+/0Y+xWZevmoVAw=;
	b=eQIc/tSL18YI9OZR6DTi6KNuHfVBx8AWX+OzZ9QqNC8nV0FtkZEzz8tf0EXdnC1xXo
	acmoe/WqAt619Ql36fjMhyBoJdBZdtP8mjkVe3bo63D6d64Khc0q/Oz0LsRmTyLv/Rz8
	yi36A9dnkKFs1W4aLt6c1ufDX3S+fCgPkZoNo=
X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLDup6E67mzuoNJBqD/tMc=
X-RZG-CLASS-ID: mo00
Received: from mail-qt0-f174.google.com ([209.85.216.174])
	by smtp.strato.de (RZmta 39.11 AUTH)
	with ESMTPSA id n0a10at07J85LBs
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp384r1 with 384 ECDH bits, eq. 7680 bits RSA))
	(Client did not present a certificate)
	for <internals@lists.php.net>;
	Sat, 7 Jan 2017 20:08:05 +0100 (CET)
Received: by mail-qt0-f174.google.com with SMTP id k15so335601580qtg.3
        for <internals@lists.php.net>; Sat, 07 Jan 2017 11:08:05 -0800 (PST)
X-Gm-Message-State: AIkVDXKWu4R5N07UAH0dR+GM8tsQdfZttwAKMHeQkJyQreCVbFEGAXr/BDbPh1gM9SjHwWIEUYG3obChdW/eZg==
X-Received: by 10.200.57.199 with SMTP id v65mr4400014qte.13.1483816084800;
 Sat, 07 Jan 2017 11:08:04 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.141.204 with HTTP; Sat, 7 Jan 2017 11:08:04 -0800 (PST)
In-Reply-To: <CAGa2bXaZPBYTaXzNDnA32BCBoZ_FzFUnRNYKFY8b1TXAWSwMyg@mail.gmail.com>
References: <CAGa2bXZ9EzWHDTBg_ZHGW4KdjiFK4tpE7aMCVTZD5n+UZ2vEWA@mail.gmail.com>
 <7500b0c6a50baf49beac70ae01e8b50d@koti.fimnet.fi> <CAGa2bXaZPBYTaXzNDnA32BCBoZ_FzFUnRNYKFY8b1TXAWSwMyg@mail.gmail.com>
Date: Sat, 7 Jan 2017 20:08:04 +0100
X-Gmail-Original-Message-ID: <CANUQDCjY9bVGaOU8G90VSnF=iEyowgLjQ4o6d2+ONwPQRX+w_g@mail.gmail.com>
Message-ID: <CANUQDCjY9bVGaOU8G90VSnF=iEyowgLjQ4o6d2+ONwPQRX+w_g@mail.gmail.com>
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
Cc: =?UTF-8?Q?Lauri_Kentt=C3=A4?= <lauri.kentta@gmail.com>, 
	"internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a114fcf9ca59127054585da48
Subject: Re: [PHP-DEV] Use decent entropy for uniqid($prefix, TRUE)
From: me@kelunik.com (Niklas Keller)

--001a114fcf9ca59127054585da48
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

2017-01-07 2:15 GMT+01:00 Yasuo Ohgaki <yohgaki@ohgaki.net>:

> Hi Lauri,
>
> On Wed, Jan 4, 2017 at 4:56 AM, Lauri Kentt=C3=A4 <lauri.kentta@gmail.com=
>
> wrote:
>
> > On 2016-12-31 01:20, Yasuo Ohgaki wrote:
> >
> >> +               zend_long rand;
> >> +               php_random_int(1000000000, 9999999999, &rand, 1);
> >> +               uniqid =3D strpprintf(0, "%s%08x%05x%.8F", prefix, sec=
,
> >> usec, (double)rand/10000000000);
> >>
> >
> > Your code is broken. It produces 0.10000000 - 0.99999999 when it should
> > produce 0.00000000 - 9.99999999. Also, you have integer overflow on
> 32-bit
> > systems.
> >
> > Why do you mess with oversized integers and doubles and at all? It woul=
d
> > be cleaner and simpler to use just regular 32-bit integers like this:
> >
> > +               zend_long rand;
> > +               php_random_int(0, 999999999, &rand, 1);
> > +               uniqid =3D strpprintf(0, "%s%08x%05x%d.%08d", prefix, s=
ec,
> > usec, rand % 10, rand / 10);
> >
> > Also, your argument about PHPMailer has nothing to do with your main
> > complaint about lcg_value, since collisions of lcg_value are not the
> > problem there.
> >
>
> +               php_random_int(1000000000, 9999999999, &rand, 1);
>
> This should be
>
> +               php_random_int(0, 9999999999, &rand, 1);
>
> Anyway, I forgot about 32 bit systems. Thank you for catching this.
>
> My original patch is better, then,
>
> [yohgaki@dev PHP-master]$ git show 48f1a17886d874dc90867c669481804de90
> commit 48f1a17886d874dc90867c669481804de90509e8
> Author: Yasuo Ohgaki <yohgaki@php.net>
> Date:   Tue Oct 18 09:04:57 2016 +0900
>
>     Fix bug #47890 #73215 uniqid() should use better random source
>
> diff --git a/ext/standard/uniqid.c b/ext/standard/uniqid.c
> index f429e6d..207cf01 100644
> --- a/ext/standard/uniqid.c
> +++ b/ext/standard/uniqid.c
> @@ -35,9 +35,11 @@
>  #include <sys/time.h>
>  #endif
>
> -#include "php_lcg.h"
> +#include "php_random.h"
>  #include "uniqid.h"
>
> +#define PHP_UNIQID_ENTROPY_LEN 10
> +
>  /* {{{ proto string uniqid([string prefix [, bool more_entropy]])
>     Generates a unique ID */
>  #ifdef HAVE_GETTIMEOFDAY
> @@ -77,7 +79,22 @@ PHP_FUNCTION(uniqid)
>          * digits for usecs.
>          */
>         if (more_entropy) {
> -               uniqid =3D strpprintf(0, "%s%08x%05x%.8F", prefix, sec, u=
sec,
> php_combined_lcg() * 10);
> +               int i;
> +               unsigned char c, entropy[PHP_UNIQID_ENTROPY_LEN+1];
> +
> +               for(i =3D 0; i < PHP_UNIQID_ENTROPY_LEN;) {
> +                       php_random_bytes_throw(&c, sizeof(c));
> +                       /* Avoid modulo bias */
> +                       if (c > 249) {
> +                               continue;
> +                       }
> +                       entropy[i] =3D c % 10 + '0';
> +                       i++;
> +               }
> +               /* Set . for compatibility */
> +               entropy[1] =3D '.';
> +               entropy[PHP_UNIQID_ENTROPY_LEN] =3D '\0';
> +               uniqid =3D strpprintf(0, "%s%08x%05x%s", prefix, sec, use=
c,
> entropy);
>         } else {
>                 uniqid =3D strpprintf(0, "%s%08x%05x", prefix, sec, usec)=
;
>         }
>
>
> I'll revert the revert commit to master.
>
>
> > Why don't you put your effort into a more useful solution such as
> > random_string or something?
> > random_string(PHP_STRING_HEX_LOWER, 32) would produce md5-style output.
> > random_string(PHP_STRING_BASE64, 32) would produce a lot more entropy.
> > random_string("my_charset", 20) would cover the general case.
> > random_array([1,2,3], 20) could extend this to arbitrary arrays.
> >
>
> They are useful. I would like to have such functions, too. However, they
> don't fix uniqid() problem. i.e. They are out of scope of uniqid()
> improvement. As I mentioned, we should get rid of useless goccha like
> uniqid() is merely a system timestamp. i.e. more_entropy option should be
> enabled by default. Additionally, we may provide stronger entropy such as
> 128 bits random value.
>
> Do you think uniqid() is good function that we should keep as it is now,
> forever? I guess you do not. Why not improve it


Because it's a BC break. A new function with the deprecation of the old one
is way easier for developers to handle. They don't need version checks.
Maybe it will work on older versions, but will behave differently.

Regards, Niklas

--001a114fcf9ca59127054585da48--