2016-09-09 7:12 GMT+02:00 Yasuo Ohgaki <yohg...@ohgaki.net>: > Hi all, > > We all know, uniqid() is not unique at all and not safe as random ID > at all. This would be one of the most misused function because of its > name. > > https://github.com/php/php-src/blob/master/ext/standard/uniqid.c#L44 > > Bug report for this > https://bugs.php.net/bug.php?id=55391 > > I would like to > - Enable more entropy parameter on by default > - Add 256 bits random value (64 chars by HEX) from > php_random_bytes() instead of 1 char from php_combined_lcg() > > If all of us think "just fix it", then I'll just fix this in master w/o > RFC.
I think it's better to leave it as is and deprecate and discourage its use. There's already a big warning there. Dunno whether there are really valid use cases for it. Regards, Niklas
