On 9/9/16 6:12 AM, Nikita Popov wrote:
> The problem with "fixing" this function to be cryptographically unpredictable (rather than just unique, for a limited definition of unique) is that it will necessarily change the size of the output, on which there may be assumptions. A 128 bit random value is 22 chars in base64, which is a good bit larger than the current uniqid() output. I agree with Niklas, this function should simply be deprecated.
It is already in the sin bin, with that warning that steers users to safer options, so it makes more sense to deprecate than to reform.
Tom