Re: [PHP-DEV] Request #65501 uniqid(): More entropy parameter should be true by default

2013-08-23 Thread Anthony Ferrara
Yasuo, > It's absolutely not wise to use it for anything security related, the > > purpose of the function is simply to provide a unique value within a > > system, not a random value, not an unpredictable value. > > > > I agree. > > However, I suppose there are many applications that rely on uniqi

Re: [PHP-DEV] Request #65501 uniqid(): More entropy parameter should be true by default

2013-08-23 Thread Yasuo Ohgaki
Hi David, On Fri, Aug 23, 2013 at 12:03 PM, David Muir wrote: > Well, there's this: > > http://pecl.php.net/package/uuid > I meant UUID module for source distribution. Sorry, I should have mentioned this. PECL's UUID module is LGPL, so the license is needed to be changed. It uses ext2util lib.

Re: [PHP-DEV] Request #65501 uniqid(): More entropy parameter should be true by default

2013-08-23 Thread Yasuo Ohgaki
Hi Anthony, On Fri, Aug 23, 2013 at 11:12 PM, Anthony Ferrara wrote: > > It's absolutely not wise to use it for anything security related, the >> > purpose of the function is simply to provide a unique value within a >> > system, not a random value, not an unpredictable value. >> > >> >> I agree.

Re: [PHP-DEV] Request #65501 uniqid(): More entropy parameter should be true by default

2013-08-23 Thread Yasuo Ohgaki
On Sat, Aug 24, 2013 at 7:14 AM, Yasuo Ohgaki wrote: > We shouldn't alter language design for people making bad decisions. >> Instead, we should work on documentation and education to fix those kinds >> of problems. >> > > We definitely should do this. I agree. > I agree with part of documentati