Hi Leigh,
On Wed, Oct 5, 2016 at 5:25 PM, Leigh <lei...@gmail.com> wrote:
> The list was missed off of Yasuo's replies to me, replying including the
> list
Me too :)
>
> On Wed, 5 Oct 2016 at 01:07 Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
>>
>> Hi Leigh,
>>
>> On Tue, Oct 4, 2016 at 7:06 PM, Leigh <lei...@gmail.com> wrote:
>> > Since we want to preserve BC
>> >
>> > entropy = random_int(0, 99999999);
>> > uniqid = strpprintf(0, "%s%08x%05x.%08d", prefix, sec, usec, entropy);
>>
>> Current entropy is _double_ from php_combined_lcg() and has 10 chars
>> length,
>> has [0-9].[0-9]{8} format.
>>
>> "F"->"d" does not work. It should be something like
>>
>> entropy = (double) random_int(0, 9999999999);
>
>
> No it shouldn't. Don't do this. It is an unnecessary conversion. The fact
> the lcg returns a double is irrelevant. What is relevant is the 8 digits in
> order to maintain BC. The 8 digits you receive from random_int will still be
> higher quality than the 10 you get from the lcg rounded to 8 places.
>
>>
>> uniqid = strpprintf(0, "%s%08x%05x.%08F", prefix, sec, usec,
>> entropy/100000000);
There is misunderstanding for the format.
The patch is made to be fully compatible with current output.
php_combined_lcg() produces value between 1 and 0. It is multiplied
by 10, and 8 decimal numbers are used, so additional entropy is
something like
1.23456789 (10 chars)
[yohgaki@dev ~]$ php -v
PHP 5.6.26 (cli) (built: Sep 16 2016 04:36:41)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
[yohgaki@dev ~]$ php -r 'var_dump(uniqid(), uniqid("", true));'
string(13) "57f4ce3df2ea5"
string(23) "57f4ce3df2ea81.98781982"
Current uniqid('', true) adds 1 int char + '.' + 8 decimal char.
Tricky format string, but this is what it does.
If we would like to avoid int to double conversion, we may call
php_random_int() twice. Not sure if it's worth or not, though.
Regards,
--
Yasuo Ohgaki
yohg...@ohgaki.net
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
