Hi Niklas,

On Tue, Oct 18, 2016 at 9:08 PM, Niklas Keller <m...@kelunik.com> wrote:
>> As you can see from last minutes discussion.
>> "/dev/urandom cannot be read" is FUD.
>> It's pure bug fix. (I intentionally made patch easy to extend used
>> chars, though)
>> Would you consider revert the revert?
> This discussion shows there should be a RFC and a vote. I'd not consider
> this a simple bug fix, after all it doesn't really fix it.
> If we want to fix it in core, we'd better include an UUID generation
> mechanism than fixing uniq_id.

UUID like uniqueness is not the subject of uniqid(), isn't it?

As I wrote, it's simple bug fix.
The patch committed is pure bug fix.

uniqid() is simply _broken_ because it does not provide expected uniqueness due
to timestamp based php_combined_lcg(). (I added large warning to the manual
recently, though)

unique id (time stamp) + entropy (timestamp based entropy)

Who argue result is reasonably unique?
Who don't use NTP to adjust system time?


Yasuo Ohgaki

PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to