rfc:uniqid

Differences

This shows you the differences between two versions of the page.

rfc:uniqid [2016/09/12 02:41] – Add uniqueness note yohgaki
rfc:uniqid [2021/07/07 09:30] (current) – RFC is inactive cmb
Line 4: Line 4:
   * Date Modified: 2016-09-12   * Date Modified: 2016-09-12
   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>
-  * Status: Under+  * Status: Inactive
   * First Published at: http://wiki.php.net/rfc/uniqid   * First Published at: http://wiki.php.net/rfc/uniqid
  
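Review bot: The status line now reads "Status: Inactive", but the unchanged "Date Modified: 2016-09-12" line two rows above still carries the 2016 date although this revision is dated 2021/07/07. Update Date Modified in the same edit, otherwise the header suggests the RFC went inactive in 2016.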
Line 21: Line 21:
  
   * Current entropy range: About 1 billion   * Current entropy range: About 1 billion
-  * Proposed entropy range: 2^50. About 1048567 billions+  * Proposed entropy range: 2^50 or more. About 1048567 billions.
  
 ===== Proposal ===== ===== Proposal =====
  
 +  * Change "more_entropy" option to int parameter to specify number of entropy chars.
   * Enable "more entropy" option by default.   * Enable "more entropy" option by default.
   * Use php_random_bytes() as entropy source.   * Use php_random_bytes() as entropy source.
  
-==== Note on usage ====+<code php> 
 +  string uniqid([string $prefix [, int $number_of_entropy_chars ]]); 
 +</code> 
 + 
 +Where $number_of_entropy_chars are: 
 + 
 +  * 0 for disable more entropy. (Compatible with current $more_entropy=FALSE) 
 +  * 1 for 10 digits entropy. (Compatible with current $more_entropy=TRUE. About 30 bits entropy) 
 +  * 13 to 255 for number of entropy [0-v]{13,255} chars. (13 chars = 65 bits entropy) 
 + 
 + 
 +== Note on usage ==
  
 Users should never use uniqid() for any crypt related purposes even with this change. uniqid() does not provide crypt secure random value. Users should use random_bytes() for crypt purposes. Users should never use uniqid() for any crypt related purposes even with this change. uniqid() does not provide crypt secure random value. Users should use random_bytes() for crypt purposes.
  
-==== Note on performance ====+== Note on performance ==
  
 usleep(1) is not used when "more entropy" is used. Therefore, default behavior is about 25x faster. usleep(1) is not used when "more entropy" is used. Therefore, default behavior is about 25x faster.
  
-==== Note on uniqueness ====+== Note on uniqueness ==
  
 Although it is unlikely, uniqueness is _not_ guaranteed even with this proposal, but this proposal improves uniqueness a lot. This nature will be documented in the manual. Although it is unlikely, uniqueness is _not_ guaranteed even with this proposal, but this proposal improves uniqueness a lot. This nature will be documented in the manual.
 +
 +===== Discussions =====
 +
 +== User shouldn't use uniqid(). uniqid() should be deprecated ==
 +
 +It provides good enough unique ID and many users use uniqid() for test scripts. We don't have to deprecate it.
 +
 +== This gives false sense of security ==
 +
 +It mitigates risks of misuses, but users should not misunderstand new uniqid() generates crypt secure random values.
 +
 +
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
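Review bot: The value list added for $number_of_entropy_chars defines 0, 1 and 13 to 255 but says nothing about 2 through 12 or values above 255, and 1 means "10 digits" rather than one character, so the parameter is not a character count over its whole range. State what the undefined values do (error, clamp, or fall back to 13) and consider a named constant for the legacy mode instead of overloading 1. The added signature also gives no default for the second parameter even though the list says "Enable "more entropy" option by default", so a reader cannot tell whether the default is the roughly 30-bit mode or the 65-bit mode; spell the default out in the signature. In the entropy bullet, "About 1048567 billions" does not match 2^50, which is roughly 1,125,900 billion (1048567 looks like a slip for 1048576, which is 2^20), and "2^50 or more" is never tied to the 65 bits quoted for 13 chars.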
Line 123: Line 147:
 ===== Rejected Features ===== ===== Rejected Features =====
 Keep this updated with features that were discussed on the mail lists. Keep this updated with features that were discussed on the mail lists.
 +
 +===== ChangeLog =====
 +
 +  * Made 2nd parameter a int 
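Review bot: The new ChangeLog entry "Made 2nd parameter a int" has no date and does not say that the old boolean values stay compatible as 0 and 1, which is what a reader checking backward compatibility needs from it. Add the date and the FALSE/TRUE to 0/1 mapping described in the Proposal section, and fix the article ("an int").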
rfc/uniqid.1473648115.txt.gz · Last modified: 2017/09/22 13:28 (external edit)