Re: Extending uniqid() or not?

From: Date: Mon, 03 Feb 2014 08:13:26 +0000
Subject: Re: Extending uniqid() or not?
Groups: php.internals 
Request: Send a blank email to [email protected] to get a copy of this message
Hi,

I know this thread is about uniqid(), but MCrypt and OpenSSL
extensions are already mentioned anyway.

I think the underlying problem here is that PHP doesn't provide a
cryptographically-secure PRNG generator by default. This might not be
a concern for uniqid() in particular, but it certainly is a problem.
Both of the above-mentioned extensions are optional and as such are
not the go-to choice for randomness in most applications. The lack of
a "by default" cryptography extension is another problem, but RNG is
more important.

Cheers,
Andrey.


Thread (29 messages)

« previous php.internals (#72054) next »