rfc:uniqid

Differences

This shows you the differences between two versions of the page.

rfc:uniqid [2016/09/12 02:47]
yohgaki Add discussion
rfc:uniqid [2021/07/07 09:30] (current)
cmb RFC is inactive
Line 4: Line 4:
   * Date Modified: 2016-09-12   * Date Modified: 2016-09-12
   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>
-  * Status: Under+  * Status: Inactive
   * First Published at: http://wiki.php.net/rfc/uniqid   * First Published at: http://wiki.php.net/rfc/uniqid
  
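Review bot: The header still reads "Date Modified: 2016-09-12" although this revision, dated 2021/07/07, changes the Status line to "Inactive". Update Date Modified together with the status so the header shows when the RFC was last changed.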
Line 21: Line 21:
  
   * Current entropy range: About 1 billion   * Current entropy range: About 1 billion
-  * Proposed entropy range: 2^50. About 1048567 billions+  * Proposed entropy range: 2^50 or more. About 1048567 billions.
  
 ===== Proposal ===== ===== Proposal =====
  
 +  * Change "more_entropy" option to int parameter to specify number of entropy chars.
   * Enable "more entropy" option by default.   * Enable "more entropy" option by default.
   * Use php_random_bytes() as entropy source.   * Use php_random_bytes() as entropy source.
  
-==== Note on usage ====+<code php> 
 +  string uniqid([string $prefix [, int $number_of_entropy_chars ]]); 
 +</code> 
 + 
 +Where $number_of_entropy_chars are: 
 + 
 +  * 0 for disable more entropy. (Compatible with current $more_entropy=FALSE) 
 +  * 1 for 10 digits entropy. (Compatible with current $more_entropy=TRUE. About 30 bits entropy) 
 +  * 13 to 255 for number of entropy [0-v]{13,255} chars. (13 chars = 65 bits entropy) 
 + 
 + 
 +== Note on usage ==
  
 Users should never use uniqid() for any crypt related purposes even with this change. uniqid() does not provide crypt secure random value. Users should use random_bytes() for crypt purposes. Users should never use uniqid() for any crypt related purposes even with this change. uniqid() does not provide crypt secure random value. Users should use random_bytes() for crypt purposes.
  
-==== Note on performance ====+== Note on performance ==
  
 usleep(1) is not used when "more entropy" is used. Therefore, default behavior is about 25x faster. usleep(1) is not used when "more entropy" is used. Therefore, default behavior is about 25x faster.
  
-==== Note on uniqueness ====+== Note on uniqueness ==
  
 Although it is unlikely, uniqueness is _not_ guaranteed even with this proposal, but this proposal improves uniqueness a lot. This nature will be documented in the manual. Although it is unlikely, uniqueness is _not_ guaranteed even with this proposal, but this proposal improves uniqueness a lot. This nature will be documented in the manual.
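Review bot: The value list for $number_of_entropy_chars leaves 2 to 12 undefined and gives 1 a meaning ("10 digits entropy") that does not match the parameter's name, which is a count of entropy chars. State what 2 to 12 do (reject, or round up to 13) and say explicitly that 1 is a legacy mode rather than a length. The signature also shows no default for the new parameter, although the next bullet says "more entropy" is enabled by default; write the default value into the signature. In the entropy range line, "About 1048567 billions" does not match 2^50, which is about 1,125,900 billion; 1048567 looks like a mistyping of 1048576 (2^20), so correct the figure instead of carrying it over. The section headings drop from "====" to "==" here while "===== Proposal =====" keeps five; check that the new level matches the rest of the page.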
Line 44: Line 56:
 == User shouldn't use uniqid(). uniqid() should be deprecated == == User shouldn't use uniqid(). uniqid() should be deprecated ==
  
-It provides good enough unique ID and many users uses uniqid() for test scripts. We don't have to deprecate it.+It provides good enough unique ID and many users use uniqid() for test scripts. We don't have to deprecate it.
  
 == This gives false sense of security == == This gives false sense of security ==
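Review bot: The reworded reply still says "It provides good enough unique ID" without saying good enough for what, and the only use it names is test scripts. Scope the claim, for example "a good enough unique ID for non-security uses such as test scripts", so it agrees with the "Note on usage" text that uniqid() must not be used for crypt purposes.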
Line 135: Line 147:
 ===== Rejected Features ===== ===== Rejected Features =====
 Keep this updated with features that were discussed on the mail lists. Keep this updated with features that were discussed on the mail lists.
 +
 +===== ChangeLog =====
 +
 +  * Made 2nd parameter a int 
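Review bot: The new ChangeLog entry "Made 2nd parameter a int" carries no date and does not say how existing boolean callers are affected. Add the date of the change, write "an int", and mention that 0 and 1 keep the behaviour of the current FALSE and TRUE, as the Proposal section states.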
rfc/uniqid.1473648461.txt.gz · Last modified: 2017/09/22 13:28 (external edit)