rfc:uniqid

Differences

This shows you the differences between two versions of the page.

rfc:uniqid [2016/09/12 02:32] – created yohgakirfc:uniqid [2017/09/22 13:28] – external edit 127.0.0.1
Line 21: Line 21:
  
   * Current entropy range: About 1 billion   * Current entropy range: About 1 billion
-  * Proposed entropy range: 2^50. About 1048567 billions+  * Proposed entropy range: 2^50 or more. About 1048567 billions.
  
 ===== Proposal ===== ===== Proposal =====
  
 +  * Change "more_entropy" option to int parameter to specify number of entropy chars.
   * Enable "more entropy" option by default.   * Enable "more entropy" option by default.
   * Use php_random_bytes() as entropy source.   * Use php_random_bytes() as entropy source.
  
-==== Note on usage ====+<code php> 
 +  string uniqid([string $prefix [, int $number_of_entropy_chars ]]); 
 +</code> 
 + 
 +Where $number_of_entropy_chars are: 
 + 
 +  * 0 for disable more entropy. (Compatible with current $more_entropy=FALSE) 
 +  * 1 for 10 digits entropy. (Compatible with current $more_entropy=TRUE. About 30 bits entropy) 
 +  * 13 to 255 for number of entropy [0-v]{13,255} chars. (13 chars = 65 bits entropy) 
 + 
 + 
 +== Note on usage ==
  
 Users should never use uniqid() for any crypt related purposes even with this change. uniqid() does not provide crypt secure random value. Users should use random_bytes() for crypt purposes. Users should never use uniqid() for any crypt related purposes even with this change. uniqid() does not provide crypt secure random value. Users should use random_bytes() for crypt purposes.
 +
 +== Note on performance ==
 +
 +usleep(1) is not used when "more entropy" is used. Therefore, default behavior is about 25x faster.
 +
 +== Note on uniqueness ==
 +
 +Although it is unlikely, uniqueness is _not_ guaranteed even with this proposal, but this proposal improves uniqueness a lot. This nature will be documented in the manual.
 +
 +===== Discussions =====
 +
 +== User shouldn't use uniqid(). uniqid() should be deprecated ==
 +
 +It provides good enough unique ID and many users use uniqid() for test scripts. We don't have to deprecate it.
 +
 +== This gives false sense of security ==
 +
 +It mitigates risks of misuses, but users should not misunderstand new uniqid() generates crypt secure random values.
 +
 +
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
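Review bot: the $number_of_entropy_chars list defines 0, 1 and "13 to 255" but says nothing about 2 through 12, and the value 1 is overloaded to mean "10 digits entropy" rather than one char, so the parameter name no longer matches its semantics. State what happens for 2 to 12 (error, clamp, or treated as 1), and give the default value in the signature, since the proposal also says "more entropy" is enabled by default. Separately, "About 1048567 billions" does not match 2^50: 2^50 is 1,125,899,906,842,624, roughly 1,125,900 billions, and the figure looks like a mistyped 2^20 (1,048,576). The "about 25x faster" claim in the performance note should cite the measurement it came from.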
Line 46: Line 78:
 Current implementation output example: Current implementation output example:
  
- $ php -r 'var_dump(uniqid(), uniqid("", TRUE));' +  $ php -r 'var_dump(uniqid(), uniqid("", TRUE));' 
- string(13) "57d60ed86d339" +  string(13) "57d60ed86d339" 
- string(23) "57d60ed86d33c9.09289803"+  string(23) "57d60ed86d33c9.09289803"
  
 ==== Chars used by "more entropy" ==== ==== Chars used by "more entropy" ====
Line 56: Line 88:
 Proposed implementation output example: Proposed implementation output example:
  
- $ ./php-bin -r 'var_dump(uniqid("", FALSE), uniqid("", TRUE));' +  $ ./php-bin -r 'var_dump(uniqid("", FALSE), uniqid("", TRUE));' 
- string(13) "57d60f6bc6637" +  string(13) "57d60f6bc6637" 
- string(23) "57d60f6bc6654mb7167bnou"+  string(23) "57d60f6bc6654mb7167bnou"
  
  
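Review bot: the proposed example still passes booleans, uniqid("", FALSE) and uniqid("", TRUE), while this revision changes the second parameter to an int count of entropy chars. Update the call to the int form and add a bare uniqid() so the new default behaviour is visible. The 10 trailing chars in "57d60f6bc6654mb7167bnou" are a mix of letters and digits, which should also be reconciled with the "1 for 10 digits entropy ... About 30 bits entropy" wording in the Proposal section.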
Line 115: Line 147:
 ===== Rejected Features ===== ===== Rejected Features =====
 Keep this updated with features that were discussed on the mail lists. Keep this updated with features that were discussed on the mail lists.
 +
 +===== ChangeLog =====
 +
 +  * Made 2nd parameter a int 
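Review bot: the ChangeLog entry "Made 2nd parameter a int" has no date and records only one of the changes in this revision; the added notes on performance and uniqueness, the new Discussions section and the "2^50 or more" range change are not listed. Add dated entries for those so readers can tell which version of the RFC was discussed, and fix "a int" to "an int".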
rfc/uniqid.txt · Last modified: 2021/07/07 09:30 by cmb