Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Pierre, On Thu, Oct 20, 2016 at 7:12 PM, Pierre Joye wrote: >> Application requires unique ID under across multi process/thread >> tasks, it will have more chance to have collided unique ID. > > uniqid fill(s|ed) some needs or maybe still fits for some. > > However for

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

On Thu, Oct 20, 2016 at 4:44 PM, Yasuo Ohgaki wrote: > Application requires unique ID under across multi process/thread > tasks, it will have more chance to have collided unique ID. uniqid fill(s|ed) some needs or maybe still fits for some. However for modern application

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Kalle, I forgot to mention one more thing. On Thu, Oct 20, 2016 at 6:28 PM, Yasuo Ohgaki wrote: > Warnings are based on following facts. > > uniqid(); // without entropy > > usleep(1) is called to get unique timestamp, but NTP can disturb and > uniqid() can result in the

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Kalle, On Thu, Oct 20, 2016 at 5:17 PM, Kalle Sommer Nielsen wrote: > 2016-10-20 9:18 GMT+02:00 Yasuo Ohgaki : >> "Do not make assumption for uniqid() output format, entropy >> especially. uniqid() output format may be changed to provide >> reasonably unique

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Yasuo 2016-10-20 9:18 GMT+02:00 Yasuo Ohgaki : > "Do not make assumption for uniqid() output format, entropy > especially. uniqid() output format may be changed to provide > reasonably unique ID in future versions." Sounds reasonable to me; although I would phrase it a

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Anatol, On Wed, Oct 19, 2016 at 8:20 PM, Anatol Belski wrote: >> I won't have time to write RFC for this, probably. I have many other things >> that I >> would like to improve, like session error status handling improvement that I >> recently proposed. >> > I see. It's

RE: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

gh <lei...@gmail.com>; PHP Internals <internals@lists.php.net> > Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness > > I think you and Joe could not follow the discussion. It's okay, reading them > all is > waste of your time. I read all, but I'm not

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

oe Watkins <pthre...@pthreads.org>; Niklas Keller <m...@kelunik.com>; >> Leigh <lei...@gmail.com>; PHP Internals <internals@lists.php.net> >> Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness >> >> Hi Anatol, >> >

RE: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

gh <lei...@gmail.com>; PHP Internals <internals@lists.php.net> > Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness > > Hi Anatol, > > On Wed, Oct 19, 2016 at 1:41 AM, Anatol Belski <anatol@belski.net> wrote: > > AFM the patch is not accept

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Rowan, On Wed, Oct 19, 2016 at 5:14 AM, Rowan Collins wrote: > On 18/10/2016 20:52, Yasuo Ohgaki wrote: >> >> Which is important? >> - uniqid() is not unique >> - Really broken system that shouldn't be used may emit error > > > Frankly, both are pretty rare cases.

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

On 18/10/2016 20:52, Yasuo Ohgaki wrote: Which is important? - uniqid() is not unique - Really broken system that shouldn't be used may emit error Frankly, both are pretty rare cases. From the way you talk about it, everybody who uses uniqid() will get duplicate values all the time, when

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Kalle and all, On Wed, Oct 19, 2016 at 1:43 AM, Kalle Sommer Nielsen wrote: > 2016-10-18 18:41 GMT+02:00 Anatol Belski : >> AFM the patch is not acceptable for 7.0. It is true that some place was >> moved to the new random int functionality (in password

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Anatol, On Wed, Oct 19, 2016 at 1:41 AM, Anatol Belski wrote: > AFM the patch is not acceptable for 7.0. It is true that some place was moved > to the new random int functionality (in password AFAIR). But, it is done at > the place and the way that a BC breach is

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

2016-10-18 18:41 GMT+02:00 Anatol Belski : > AFM the patch is not acceptable for 7.0. It is true that some place was moved > to the new random int functionality (in password AFAIR). But, it is done at > the place and the way that a BC breach is unlikely. Using the throwing

RE: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

;internals@lists.php.net> > Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness > > Hi Joe, > > On Tue, Oct 18, 2016 at 8:30 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > > > > On Tue, Oct 18, 2016 at 7:32 PM, Joe Watkins <pthre...@pthre

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

2016-10-18 14:41 GMT+02:00 Yasuo Ohgaki : > Hi Niklas, > > On Tue, Oct 18, 2016 at 9:33 PM, Niklas Keller wrote: > > 2016-10-18 14:12 GMT+02:00 Yasuo Ohgaki : > >> > >> Hi Niklas, > >> > >> On Tue, Oct 18, 2016 at 9:08 PM, Niklas Keller

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Niklas, On Tue, Oct 18, 2016 at 9:33 PM, Niklas Keller wrote: > 2016-10-18 14:12 GMT+02:00 Yasuo Ohgaki : >> >> Hi Niklas, >> >> On Tue, Oct 18, 2016 at 9:08 PM, Niklas Keller wrote: >> >> >> >> As you can see from last minutes

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

2016-10-18 14:12 GMT+02:00 Yasuo Ohgaki : > Hi Niklas, > > On Tue, Oct 18, 2016 at 9:08 PM, Niklas Keller wrote: > >> > >> As you can see from last minutes discussion. > >> > >> "/dev/urandom cannot be read" is FUD. > >> It's pure bug fix. (I intentionally

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Niklas, On Tue, Oct 18, 2016 at 9:08 PM, Niklas Keller wrote: >> >> As you can see from last minutes discussion. >> >> "/dev/urandom cannot be read" is FUD. >> It's pure bug fix. (I intentionally made patch easy to extend used >> chars, though) >> >> Would you consider

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

2016-10-18 14:02 GMT+02:00 Yasuo Ohgaki : > Hi Joe, > > On Tue, Oct 18, 2016 at 8:30 PM, Yasuo Ohgaki wrote: > > > > On Tue, Oct 18, 2016 at 7:32 PM, Joe Watkins > wrote: > >>> This change should go through the standard RFC process

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Joe, On Tue, Oct 18, 2016 at 8:30 PM, Yasuo Ohgaki wrote: > > On Tue, Oct 18, 2016 at 7:32 PM, Joe Watkins wrote: >>> This change should go through the standard RFC process and should be >>> targeted at 7.2+ (master) *only*. >> >>> Please check with

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

On Tue, Oct 18, 2016 at 8:47 PM, Lester Caine wrote: > On 18/10/16 12:37, Yasuo Ohgaki wrote: >> The patch committed is pure bug fix. > https://www.google.co.uk/search?q=%2Fdev%2Furandom+is+not+readable+by+php > > Even bug fixes need proper documentation to avoid the WTF !

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

On 18/10/16 12:37, Yasuo Ohgaki wrote: > The patch committed is pure bug fix. https://www.google.co.uk/search?q=%2Fdev%2Furandom+is+not+readable+by+php Even bug fixes need proper documentation to avoid the WTF ! -- Lester Caine - G8HFL - Contact -

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

On Tue, Oct 18, 2016 at 8:00 PM, Lester Caine wrote: > On 18/10/16 11:02, Niklas Keller wrote: >>> 'Suppliers' should perhaps be helped to configure their systems so the >>> > users can use things, but things like /dev/urandom may need some >>> > additional notes to help

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Joe, On Tue, Oct 18, 2016 at 7:32 PM, Joe Watkins wrote: >> This change should go through the standard RFC process and should be >> targeted at 7.2+ (master) *only*. > >> Please check with the RMs before merging functionality changes into >> release >> branches. All

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

On 18/10/16 11:02, Niklas Keller wrote: >> 'Suppliers' should perhaps be helped to configure their systems so the >> > users can use things, but things like /dev/urandom may need some >> > additional notes to help identify problems when frameworks like owncloud >> > start throwing errors. As

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Morning, > This change should go through the standard RFC process and should be > targeted at 7.2+ (master) *only*. > Please check with the RMs before merging functionality changes into release > branches. All functionality changes need consent and consensus. Bug fixes > (that don't change

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Lester Caine schrieb am Di., 18. Okt. 2016, 11:42: > On 18/10/16 08:35, Yasuo Ohgaki wrote: > >> Sure, but it did happen that shared hosts block it, noticed during > >> > random_compat adoption. > >> > > >> > You claimed there isn't any BC break. > > The line should be > > >

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

On 18/10/16 08:35, Yasuo Ohgaki wrote: >> Sure, but it did happen that shared hosts block it, noticed during >> > random_compat adoption. >> > >> > You claimed there isn't any BC break. > The line should be > > "There is no BC for usable systems" > > Any file permission could disturb PHP script

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

On Tue, Oct 18, 2016 at 4:16 PM, Niklas Keller wrote: > Yasuo Ohgaki schrieb am Di., 18. Okt. 2016, 08:47: >> >> Hi Niklas, >> >> On Tue, Oct 18, 2016 at 3:36 PM, Niklas Keller wrote: >> > Yasuo Ohgaki schrieb am Di.,

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Yasuo Ohgaki schrieb am Di., 18. Okt. 2016, 08:47: > Hi Niklas, > > On Tue, Oct 18, 2016 at 3:36 PM, Niklas Keller wrote: > > Yasuo Ohgaki schrieb am Di., 18. Okt. 2016, 02:21: > >> > >> Hi all, > >> > >> I committed this patch that

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Niklas, On Tue, Oct 18, 2016 at 3:36 PM, Niklas Keller wrote: > Yasuo Ohgaki schrieb am Di., 18. Okt. 2016, 02:21: >> >> Hi all, >> >> I committed this patch that simply use php_random_bytes() w/o any BC. > > > Doesn't this throw now in some environments

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Yasuo Ohgaki schrieb am Di., 18. Okt. 2016, 02:21: > Hi all, > > I committed this patch that simply use php_random_bytes() w/o any BC. > Doesn't this throw now in some environments where /dev/urandom isn't readable? Regards, Niklas

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi all, I committed this patch that simply use php_random_bytes() w/o any BC. http://git.php.net/?p=php-src.git;a=commitdiff;h=48f1a17886d874dc90867c669481804de90509e8 I thought there is php_random_int(), but it's not. So this is one of the best patch for this purpose. There is bug reports

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Leigh, On Wed, Oct 5, 2016 at 5:25 PM, Leigh wrote: > The list was missed off of Yasuo's replies to me, replying including the > list Me too :) > > On Wed, 5 Oct 2016 at 01:07 Yasuo Ohgaki wrote: >> >> Hi Leigh, >> >> On Tue, Oct 4, 2016 at 7:06 PM,

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

The list was missed off of Yasuo's replies to me, replying including the list On Wed, 5 Oct 2016 at 01:07 Yasuo Ohgaki wrote: > Hi Leigh, > > On Tue, Oct 4, 2016 at 7:06 PM, Leigh wrote: > > Since we want to preserve BC > > > > entropy = random_int(0,

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

On 4 October 2016 at 02:39, Yasuo Ohgaki wrote: > Hi Leigh, > > On Mon, Oct 3, 2016 at 9:06 PM, Leigh wrote: >> I'm curious, did you consider using random_int? It already handles >> biasing, and you can reduce the repeated calls to random_bytes. > > Yes. It

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Leigh, On Mon, Oct 3, 2016 at 9:06 PM, Leigh wrote: > I'm curious, did you consider using random_int? It already handles > biasing, and you can reduce the repeated calls to random_bytes. Yes. It seemed it might be slower due to number of retries at first, but I realized

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

On 2 October 2016 at 21:03, Yasuo Ohgaki wrote: > Hi all, > > On Mon, Oct 3, 2016 at 3:56 AM, Yasuo Ohgaki wrote: >> Besides improving "more entropy" the default and data, I prepared >> fully compatible patch to simplify discussion. >> >>

[PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi all, On Mon, Oct 3, 2016 at 3:56 AM, Yasuo Ohgaki wrote: > Besides improving "more entropy" the default and data, I prepared > fully compatible patch to simplify discussion. > > https://gist.github.com/anonymous/fb615df325d559fa806a265031a06ede > > I would like to apply

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Yasuo 2016-10-02 20:56 GMT+02:00 Yasuo Ohgaki : > I would like to apply this patch from PHP 7.0 branch, then discuss what > the default should be. > > Any comments? > If there is no objections, I'll apply this few days later. If anything this should be considered from

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

On Sun, Oct 2, 2016 at 8:56 PM, Yasuo Ohgaki wrote: > Besides improving "more entropy" the default and data, I prepared > fully compatible patch to simplify discussion. > > https://gist.github.com/anonymous/fb615df325d559fa806a265031a06ede > > I would like to apply this patch

[PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi all, On Mon, Sep 12, 2016 at 11:54 AM, Yasuo Ohgaki wrote: > This is RFC for improving uniqid() uniqueness. > https://wiki.php.net/rfc/uniqid > > PR > https://github.com/php/php-src/pull/2123 > > If there is anything left to discuss, please comment. > > Regards, Besides