Yasuo Ohgaki schrieb am Di., 4. Okt. 2016, 03:54:
> Hi Davey,
>
> On Tue, Oct 4, 2016 at 4:59 AM, Davey Shafik wrote:
> > On Sunday, October 2, 2016, Yasuo Ohgaki wrote:
> >>
> >> Hi all,
> >>
> >> On Mon, Oct 3, 2016 at 3:56 AM, Yasuo Ohgaki
> wrote:
> >> > Besides improving "more entropy" th
On Oct 4, 2016 8:55 AM, "Yasuo Ohgaki" wrote:
>
> Hi Davey,
>
> On Tue, Oct 4, 2016 at 4:59 AM, Davey Shafik wrote:
> > On Sunday, October 2, 2016, Yasuo Ohgaki wrote:
> >>
> >> Hi all,
> >>
> >> On Mon, Oct 3, 2016 at 3:56 AM, Yasuo Ohgaki
wrote:
> >> > Besides improving "more entropy" the def
Hi Davey,
On Tue, Oct 4, 2016 at 4:59 AM, Davey Shafik wrote:
> On Sunday, October 2, 2016, Yasuo Ohgaki wrote:
>>
>> Hi all,
>>
>> On Mon, Oct 3, 2016 at 3:56 AM, Yasuo Ohgaki wrote:
>> > Besides improving "more entropy" the default and data, I prepared
>> > fully compatible patch to simplify
On Sunday, October 2, 2016, Yasuo Ohgaki wrote:
> Hi all,
>
> On Mon, Oct 3, 2016 at 3:56 AM, Yasuo Ohgaki wrote:
> > Besides improving "more entropy" the default and data, I prepared
> > fully compatible patch to simplify discussion.
> >
> > https://gist.github.com/anonymous/fb615df325d559fa806
Hi Kazuo,
On Thu, Sep 15, 2016 at 3:17 AM, Kazuo Oishi wrote:
>> I updated the RFC.
>> 2nd parameter (more_entropy) is int now.
>>
>> - 0 for disable more entropy.
>>(Compatible with current $more_entropy=FALSE)
>> - 1 for 10 digits entropy. e.g. 1.23456789
>>(Compatible with current $m
Hi,
> I updated the RFC.
> 2nd parameter (more_entropy) is int now.
>
> - 0 for disable more entropy.
>(Compatible with current $more_entropy=FALSE)
> - 1 for 10 digits entropy. e.g. 1.23456789
>(Compatible with current $more_entropy=TRUE) DEFAULT
> - 13 to 255 to number of entropy [0-v
Hi Rowan,
On Tue, Sep 13, 2016 at 6:47 PM, Rowan Collins wrote:
> To me, uniqid() is useful because it is a quick way of getting a short
> string that's likely to be fairly unique. If that is its purpose, then
> making it slower, and its output longer, are not helping anybody.
>
> If it's purpose
On 13/09/2016 02:07, Yasuo Ohgaki wrote:
I pasted simple benchmark to the PR.
New code uses about 2x cpu time on my Fedora 24. CSPRNG uses more complex
code than php_combined_lcg(), so this is expected.
To me, this is at least as important as changing the length and
character range of the outp
Hi Kauzo,
On Tue, Sep 13, 2016 at 3:23 PM, Kazuo Oishi wrote:
>> Current implementation is good enough for most cases, but it can be better.
>
> I agree this legacy design API works good enough for most cases.
>
> So, I think it should not be changed in BC break way.
I updated the RFC.
2nd param
Hi,
>> The uniqid() manual explicitly say,
>>
>> - default value of more_entropy is false
>>
>> - the returned string will be 13 characters long. If more_entropy is
>>TRUE, it will be 23 characters.
>>
>> - if more_entropy is set to TRUE, uniqid() will add additional entropy
>>(using th
Hi Kazuo,
On Tue, Sep 13, 2016 at 1:20 PM, Kazuo Oishi wrote:
> The uniqid() manual explicitly say,
>
> - default value of more_entropy is false
>
> - the returned string will be 13 characters long. If more_entropy is
>TRUE, it will be 23 characters.
>
> - if more_entropy is set to TRUE, u
Hi,
> Actually not with current implementation. If time is rewined, the same ID
> could be generated by chance. Because, both ID part and entropy part
> is generated based on the current system time. Collision would be rare,
> but it's not rare as it should be at all.
>
> I think minimum would be
Hi Kazuo,
On Tue, Sep 13, 2016 at 11:48 AM, Yasuo Ohgaki wrote:
>> Current "more_entropy" part (10 bytes) pattern is "n." and its
>> variation is 10^9 (1 billion) as written in your RFC. (about 30bits?)
>>
>> I think it is enough to avoid collision in the same usec, for
>> non-security p
On Tue, Sep 13, 2016 at 11:23 AM, Kazuo Oishi wrote:
> IMO, improving it (generate better semi-unique ID) is not important
> enoungh to introduce unnecessary BC break. (Why returning string length
> is changed?)
It cannot not produce unique ID by default as name "uniqid()" i
Hi,
IMO, improving it (generate better semi-unique ID) is not important
enoungh to introduce unnecessary BC break. (Why returning string length
is changed?)
>>>
>>> It cannot not produce unique ID by default as name "uniqid()" implies.
>>> Reason is described in the RFC. Please rea
On Tue, Sep 13, 2016 at 10:14 AM, Yasuo Ohgaki wrote:
>> I use `uniqid()` daily in my test suites, even new ones (not much else), and
>> introducing the `.` everywhere will just cause issues.
>> Changing string length may also break everything.
>
> It seems you have code that will be broken.
> Cou
Hi Marco,
On Mon, Sep 12, 2016 at 11:48 PM, Marco Pivetta wrote:
>
> Full ACK on what Kazuo said.
>
> I use `uniqid()` daily in my test suites, even new ones (not much else), and
> introducing the `.` everywhere will just cause issues.
> Changing string length may also break everything.
It seems
Hi Kazuo,
On Mon, Sep 12, 2016 at 11:46 PM, Kazuo Oishi wrote:
>>> IMO, improving it (generate better semi-unique ID) is not important
>>> enoungh to introduce unnecessary BC break. (Why returning string length
>>> is changed?)
>>
>> It cannot not produce unique ID by default as name "uniqid()"
Hi Rowan,
On Mon, Sep 12, 2016 at 10:47 PM, Rowan Collins wrote:
>
> uniqid() has never been, and is not claimed to be, guaranteed unique to any
> particular standard.
Right. We need to improve documentation. It only has crypt related
usage warning now.
> On 12/09/2016 13:08, Yasuo Ohgaki wrote
On Mon, Sep 12, 2016 at 4:46 PM, Kazuo Oishi wrote:
> Hi,
>
> >> IMO, improving it (generate better semi-unique ID) is not important
> >> enoungh to introduce unnecessary BC break. (Why returning string length
> >> is changed?)
> >
> > It cannot not produce unique ID by default as name "uniqid()
Hi,
>> IMO, improving it (generate better semi-unique ID) is not important
>> enoungh to introduce unnecessary BC break. (Why returning string length
>> is changed?)
>
> It cannot not produce unique ID by default as name "uniqid()" implies.
> Reason is described in the RFC. Please read RFC becaus
Hi Yasuo,
uniqid() has never been, and is not claimed to be, guaranteed unique to
any particular standard.
On 12/09/2016 13:08, Yasuo Ohgaki wrote:
Since we have to change "more entropy" to TRUE by default
Is your intention that the version without "more entropy" be deprecated,
and at som
Hi,
On Sep 12, 2016 5:48 PM, "Kazuo Oishi" wrote:
>
> Hi,
>
> > I know some code breaks, but it's not many. It's not fatal BC also.
> >
> > IMHO, uniqid() should try to generate uniqid() possible. uniqid() does
produce
> > non unique ID because it is system time based. This change mitigates
impac
On Mon, Sep 12, 2016 at 9:08 PM, Yasuo Ohgaki wrote:
> It cannot not produce unique ID as name "uniqid()" implies by default.
It cannot not produce unique ID by default as name "uniqid()" implies.
--
Yasuo Ohgaki
yohg...@ohgaki.net
--
PHP Internals - PHP Runtime Development Mailing List
To un
Hi Kazuo,
On Mon, Sep 12, 2016 at 7:48 PM, Kazuo Oishi wrote:
>> I know some code breaks, but it's not many. It's not fatal BC also.
>>
>> IMHO, uniqid() should try to generate uniqid() possible. uniqid() does
>> produce
>> non unique ID because it is system time based. This change mitigates imp
Hi,
> I know some code breaks, but it's not many. It's not fatal BC also.
>
> IMHO, uniqid() should try to generate uniqid() possible. uniqid() does produce
> non unique ID because it is system time based. This change mitigates impact of
> misuse also which is common in both open and close codes.
Hi Kazuo,
On Mon, Sep 12, 2016 at 1:41 PM, Kazuo Oishi wrote:
>
>> This is RFC for improving uniqid() uniqueness.
>> https://wiki.php.net/rfc/uniqid
>>
>> PR
>> https://github.com/php/php-src/pull/2123
>>
>> If there is anything left to discuss, please comment.
>
> I think uniqid() should not be
Hi,
> This is RFC for improving uniqid() uniqueness.
> https://wiki.php.net/rfc/uniqid
>
> PR
> https://github.com/php/php-src/pull/2123
>
> If there is anything left to discuss, please comment.
I think uniqid() should not be changed in BC break way, it should be
left as is.
You said,
>> Almost
Hi all,
This is RFC for improving uniqid() uniqueness.
https://wiki.php.net/rfc/uniqid
PR
https://github.com/php/php-src/pull/2123
If there is anything left to discuss, please comment.
Regards,
--
Yasuo Ohgaki
yohg...@ohgaki.net
--
PHP Internals - PHP Runtime Development Mailing List
To unsu
29 matches
Mail list logo
