Hi all,
On Mon, Feb 3, 2014 at 10:13 AM, Yasuo Ohgaki <[email protected]> wrote:
> On Mon, Feb 3, 2014 at 8:55 AM, Tjerk Meesters <[email protected]>wrote:
>
>> I think it would be good enough to have only uuid v4:
>>
>> function uuidv4()
>> {
>> $data = openssl_random_pseudo_bytes(16); // or whatever
>>
>> $data[6] = chr(ord($data[6]) & 0x0f | 0x40); // set version to 0010
>> $data[8] = chr(ord($data[8]) & 0x3f | 0x80); // set bits 6-7 to 10
>>
>> return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
>> }
>>
>> It's really just a representation of random data, whereby 6 bits are used
>> for the actual format.
>>
>
> I agree.
> UUID v4 simply generate random ID and it is good for many purposes.
>
> My concern is portability. OpenSSL(or Mcrypt) is provided as module.
> Users tends not to use module functions whenever possible. To address
> this issue, OpenSSL could be a module compiled by default.
>
> Security matters for all applications. Compiling OpenSSL by default would
> be nice to have.
>
> Any comments?
>
It seems consensus here is "Not to add new function" and "Improve
documents".
We are better to provide realistic alternative for application developers.
I would like to write a RFC that makes openssl module a module compiled
by default.
Any comments for this?
--
Yasuo Ohgaki
[email protected]