rfc:uniqid

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
rfc:uniqid [2016/09/12 02:47] – Add discussion yohgakirfc:uniqid [2017/09/22 13:28] – external edit 127.0.0.1
Line 21: Line 21:
  
   * Current entropy range: About 1 billion   * Current entropy range: About 1 billion
-  * Proposed entropy range: 2^50. About 1048567 billions+  * Proposed entropy range: 2^50 or more. About 1048567 billions.
  
 ===== Proposal ===== ===== Proposal =====
  
 +  * Change "more_entropy" option to int parameter to specify number of entropy chars.
   * Enable "more entropy" option by default.   * Enable "more entropy" option by default.
   * Use php_random_bytes() as entropy source.   * Use php_random_bytes() as entropy source.
  
-==== Note on usage ====+<code php> 
 +  string uniqid([string $prefix [, int $number_of_entropy_chars ]]); 
 +</code> 
 + 
 +Where $number_of_entropy_chars are: 
 + 
 +  * 0 for disable more entropy. (Compatible with current $more_entropy=FALSE) 
 +  * 1 for 10 digits entropy. (Compatible with current $more_entropy=TRUE. About 30 bits entropy) 
 +  * 13 to 255 for number of entropy [0-v]{13,255} chars. (13 chars = 65 bits entropy) 
 + 
 + 
 +== Note on usage ==
  
 Users should never use uniqid() for any crypt related purposes even with this change. uniqid() does not provide crypt secure random value. Users should use random_bytes() for crypt purposes. Users should never use uniqid() for any crypt related purposes even with this change. uniqid() does not provide crypt secure random value. Users should use random_bytes() for crypt purposes.
  
-==== Note on performance ====+== Note on performance ==
  
 usleep(1) is not used when "more entropy" is used. Therefore, default behavior is about 25x faster. usleep(1) is not used when "more entropy" is used. Therefore, default behavior is about 25x faster.
  
-==== Note on uniqueness ====+== Note on uniqueness ==
  
 Although it is unlikely, uniqueness is _not_ guaranteed even with this proposal, but this proposal improves uniqueness a lot. This nature will be documented in the manual. Although it is unlikely, uniqueness is _not_ guaranteed even with this proposal, but this proposal improves uniqueness a lot. This nature will be documented in the manual.
Line 44: Line 56:
 == User shouldn't use uniqid(). uniqid() should be deprecated == == User shouldn't use uniqid(). uniqid() should be deprecated ==
  
-It provides good enough unique ID and many users uses uniqid() for test scripts. We don't have to deprecate it.+It provides good enough unique ID and many users use uniqid() for test scripts. We don't have to deprecate it.
  
 == This gives false sense of security == == This gives false sense of security ==
Line 135: Line 147:
 ===== Rejected Features ===== ===== Rejected Features =====
 Keep this updated with features that were discussed on the mail lists. Keep this updated with features that were discussed on the mail lists.
 +
 +===== ChangeLog =====
 +
 +  * Made 2nd parameter a int 
rfc/uniqid.txt · Last modified: 2021/07/07 09:30 by cmb