rfc:uniqid
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
rfc:uniqid [2016/09/12 02:32] – created yohgaki | rfc:uniqid [2021/07/07 09:30] (current) – RFC is inactive cmb | ||
---|---|---|---|
Line 4: | Line 4: | ||
* Date Modified: 2016-09-12 | * Date Modified: 2016-09-12 | ||
* Author: Yasuo Ohgaki < | * Author: Yasuo Ohgaki < | ||
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
Line 21: | Line 21: | ||
* Current entropy range: About 1 billion | * Current entropy range: About 1 billion | ||
- | * Proposed entropy range: 2^50. About 1048567 billions | + | * Proposed entropy range: 2^50 or more. About 1048567 billions. |
===== Proposal ===== | ===== Proposal ===== | ||
+ | * Change " | ||
* Enable "more entropy" | * Enable "more entropy" | ||
* Use php_random_bytes() as entropy source. | * Use php_random_bytes() as entropy source. | ||
- | ==== Note on usage ==== | + | <code php> |
+ | string uniqid([string $prefix [, int $number_of_entropy_chars ]]); | ||
+ | </ | ||
+ | |||
+ | Where $number_of_entropy_chars are: | ||
+ | |||
+ | * 0 for disable more entropy. (Compatible with current $more_entropy=FALSE) | ||
+ | * 1 for 10 digits entropy. (Compatible with current $more_entropy=TRUE. About 30 bits entropy) | ||
+ | * 13 to 255 for number of entropy [0-v]{13, | ||
+ | |||
+ | |||
+ | == Note on usage == | ||
Users should never use uniqid() for any crypt related purposes even with this change. uniqid() does not provide crypt secure random value. Users should use random_bytes() for crypt purposes. | Users should never use uniqid() for any crypt related purposes even with this change. uniqid() does not provide crypt secure random value. Users should use random_bytes() for crypt purposes. | ||
+ | |||
+ | == Note on performance == | ||
+ | |||
+ | usleep(1) is not used when "more entropy" | ||
+ | |||
+ | == Note on uniqueness == | ||
+ | |||
+ | Although it is unlikely, uniqueness is _not_ guaranteed even with this proposal, but this proposal improves uniqueness a lot. This nature will be documented in the manual. | ||
+ | |||
+ | ===== Discussions ===== | ||
+ | |||
+ | == User shouldn' | ||
+ | |||
+ | It provides good enough unique ID and many users use uniqid() for test scripts. We don't have to deprecate it. | ||
+ | |||
+ | == This gives false sense of security == | ||
+ | |||
+ | It mitigates risks of misuses, but users should not misunderstand new uniqid() generates crypt secure random values. | ||
+ | |||
+ | |||
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== | ||
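Review bot: The new $number_of_entropy_chars list under the added signature defines 0, 1 and 13 to 255 but, in the lines shown, says nothing about 2 through 12, so the behaviour for those values is unspecified. State whether they are rejected, raised to 13, or treated like 1. The meaning of the integer also changes with its range: 1 selects the legacy "10 digits" mode that existing $more_entropy=TRUE callers are meant to land on, while 13 and up is a character count. That deserves one explicit sentence next to the signature. In the "Proposed entropy range" line, "1048567 billions" looks like a transposition of 1048576 (2^20), the factor that relates 2^50 to roughly one billion (2^30).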
Line 46: | Line 78: | ||
Current implementation output example: | Current implementation output example: | ||
- | $ php -r ' | + | |
- | | + | string(13) " |
- | | + | string(23) " |
==== Chars used by "more entropy" | ==== Chars used by "more entropy" | ||
Line 56: | Line 88: | ||
Proposed implementation output example: | Proposed implementation output example: | ||
- | $ ./php-bin -r ' | + | |
- | | + | string(13) " |
- | | + | string(23) " |
Line 115: | Line 147: | ||
===== Rejected Features ===== | ===== Rejected Features ===== | ||
Keep this updated with features that were discussed on the mail lists. | Keep this updated with features that were discussed on the mail lists. | ||
+ | |||
+ | ===== ChangeLog ===== | ||
+ | |||
+ | * Made 2nd parameter a int |
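Review bot: The added ChangeLog entry "Made 2nd parameter a int" carries no date or revision and does not name what the parameter was before, so a reader cannot tell when the signature changed or from what. Suggest something like "2016-09-12: changed 2nd parameter from $more_entropy to int $number_of_entropy_chars", using the actual date of the change, and fix "a int" to "an int".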
rfc/uniqid.1473647566.txt.gz · Last modified: 2017/09/22 13:28 (external edit)