On 13/09/2016 02:07, Yasuo Ohgaki wrote:
> I pasted a simple benchmark to the PR. New code uses about 2x CPU time on my Fedora 24. CSPRNG uses more complex code than php_combined_lcg(), so this is expected.
To me, this is at least as important as changing the length and character range of the output.
> If I encode php_random_bytes() to the same length of digits, it does not increase entropy space. It remains about a million (a little less than 10 bits). It's too small for the current baseline.
Not enough entropy for what? Can you give some concrete scenarios where you see this being a problem?
To me, uniqid() is useful because it is a quick way of getting a short string that's likely to be fairly unique. If that is its purpose, then making it slower, and its output longer, are not helping anybody.
If its purpose is to be truly random, and have controllable entropy, etc, then we might as well deprecate it in favour of random_bytes().
Regards, Rowan Collins [IMSoP]