Hi all, On Fri, Sep 9, 2016 at 8:18 PM, Arvids Godjuks <arvids.godj...@gmail.com> wrote: > > Hm, without "true" you get 13 chars, with "true" - 20+.
Sorry. It's $ php -r 'var_dump(uniqid(), uniqid("", true));' string(13) "57d29c20c04c3" string(23) "57d29c20c04c50.55225401" I misread sprintf format. Anyway, we may use extra 10 chars to make it more random if it should keep compatibility. It seems uniqid() is popular for test scripts, so it would be preferred keeping it. It does not harm any with test script thanks to higher precision timers of current systems. Some of us feel returning almost random value from uniqid() is overkill. This is reasonable. I'll prepare patch that uses 10 chars for 50 bits extra entropy from php_random_bytes() by default. It will be a little safer even when user misuses uniqid() while keeping most compatibility. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php