On 02.02.14 05:32, Yasuo Ohgaki wrote:
> string safe_uniqid([ing $length=64])
>
> It generate ID using good RNG such as /dev/urandom, /dev/arandom for
> UNIXes, openssl RNG for Windows when they are available. It does not use
> hash function, but simply convert RNG binary data into text. The same
> algorithm that is used for session ID may be used. (Use
> hash_bits_per_character=5, since it only contains alphanumeric chars) Since
> it does not use hash, it's fast.
>
> Any comments? Any good names?
The documentation for uniqid() is pretty clear about the fact that it's
not cryptographically secure and recomends openssl_random_pseudo_bytes()
as a replacement. Shouldn't we just try to come up with sane default
values for its $length parameter instead of adding yet another new function?
> P.S. Is anyone working UUID? PostgreSQL is using OSSP's UUID lib, it's good
> for PHP.
> http://www.postgresql.org/docs/9.2/interactive/uuid-ossp.html
There's http://pecl.php.net/package/uuid.
- Martin