Hi all,

On Fri, Sep 9, 2016 at 8:18 PM, Arvids Godjuks <arvids.godj...@gmail.com> wrote:
>
> Hm, without "true" you get 13 chars, with "true" - 20+.

Sorry. It's

$ php -r 'var_dump(uniqid(), uniqid("", true));'
string(13) "57d29c20c04c3"
string(23) "57d29c20c04c50.55225401"

I misread the sprintf format.

Anyway, we may use an extra 10 chars to make it more random if it should
keep compatibility. It seems uniqid() is popular for test scripts, so
keeping it would be preferred. It does no harm with test
scripts thanks to the higher precision timers of current systems.

Some of us feel returning an almost random value from uniqid() is
overkill. This is reasonable. I'll prepare a patch that uses 10 chars
for 50 bits of extra entropy from php_random_bytes() by default. It will
be a little safer even when a user misuses uniqid() while keeping
most compatibility.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
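
Decoding the two uniqid() values quoted in the message shows what the 13 and 23 characters actually carry, and why extra entropy is under discussion. This is an added example, not part of the original message or of php-src; the field layout is an assumption read off the sample output, and decode_uniqid() is a hypothetical helper name.

```php
<?php
// Added example: split a prefix-less uniqid() string into its fields.
function decode_uniqid(string $id): array
{
    // Assumed layout, read off the quoted outputs: 8 hex digits (Unix
    // seconds), 5 hex digits (microseconds), and with more_entropy = true
    // a 10-character "d.dddddddd" decimal suffix.
    if (!preg_match('/^([0-9a-f]{8})([0-9a-f]{5})(\d\.\d{8})?$/', $id, $m)) {
        throw new InvalidArgumentException("unexpected uniqid() format: $id");
    }
    $usec = (int) hexdec($m[2]);
    if ($usec >= 1000000) {
        throw new InvalidArgumentException("microsecond field out of range: $id");
    }
    return [
        'utc'    => gmdate('Y-m-d H:i:s', (int) hexdec($m[1])),
        'usec'   => $usec,
        'suffix' => $m[3] ?? null,   // null when more_entropy was not used
    ];
}

// The two values quoted in the message above.
foreach (['57d29c20c04c3', '57d29c20c04c50.55225401'] as $id) {
    $f = decode_uniqid($id);
    printf("%-24s %s UTC +%06d us  suffix=%s\n",
        $id, $f['utc'], $f['usec'], $f['suffix'] ?? '(none)');
}

// The 13-character form is wall-clock time only. For anyone who knows the
// second it was generated in, the microsecond field is the only unknown.
printf("microsecond field: at most %.1f bits\n", log(1000000, 2));

// Where the value must be unpredictable (tokens, secrets), draw it from
// the CSPRNG instead of the clock.
echo bin2hex(random_bytes(16)), "\n";
```

Both sample values decode to the same second and differ by two microseconds, which is the clock-derived behaviour the proposed 50 bits from php_random_bytes() is meant to offset.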
