Hi,
I know this thread is about uniqid(), but MCrypt and OpenSSL
extensions are already mentioned anyway.
I think the underlying problem here is that PHP doesn't provide a
cryptographically-secure PRNG generator by default. This might not be
a concern for uniqid() in particular, but it certainly is a problem.
Both of the above-mentioned extensions are optional and as such are
not the go-to choice for randomness in most applications. The lack of
a "by default" cryptography extension is another problem, but RNG is
more important.
Cheers,
Andrey.
Hi!
I think the underlying problem here is that PHP doesn't provide a
cryptographically-secure PRNG generator by default. This might not be
That's not an engine task, this is an extension task. And there are
extensions that do it.
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227