Hi all, On Fri, Sep 9, 2016 at 2:12 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > We all know, uniqid() is not unique at all and not safe as random ID > at all. This would be one of the most misused function because of its > name. > > https://github.com/php/php-src/blob/master/ext/standard/uniqid.c#L44 > > Bug report for this > https://bugs.php.net/bug.php?id=55391 > > I would like to > - Enable more entropy parameter on by default > - Add 256 bits random value (64 chars by HEX) from > php_random_bytes() instead of 1 char from php_combined_lcg() > > If all of us think "just fix it", then I'll just fix this in master w/o RFC. > > Any comments?
It seems we need RFC. I'll correct opinions and make them vote options. If you have thought about uniqid(), please let me know. Thank you. -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
