Hi Kalle,
I forgot to mention one more thing.
On Thu, Oct 20, 2016 at 6:28 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Warnings are based on following facts.
>
> uniqid(); // without entropy
>
> usleep(1) is called to get unique timestamp, but NTP can disturb and
> uniqid() can result in the same ID.
>
> uniqid('', TRUE); // with entropy
>
> It's better, but entropy is based on system timestamp and there is no
> usleep(1), so uniqid() is more sensitive to system clock adjustment by
> NTP, and uniqid() can result in the same ID.
>
> Collision is unlikely, but it not that unlikely with true CSPRNG based
> entropy. Therefore, I made warning a little strong. With CSPRNG, we
> may use more gentle warning. IMO.
Application requires unique ID under across multi process/thread
tasks, it will have more chance to have collided unique ID.
Regards,
--
Yasuo Ohgaki
yohg...@ohgaki.net
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
