Hi Tjerk,
On Mon, Feb 3, 2014 at 8:55 AM, Tjerk Meesters <tjerk.meesters@gmail.com>wrote:
> I think it would be good enough to have only uuid v4:
>
> function uuidv4()
> {
> $data = openssl_random_pseudo_bytes(16); // or whatever
>
> $data[6] = chr(ord($data[6]) & 0x0f | 0x40); // set version to 0010
> $data[8] = chr(ord($data[8]) & 0x3f | 0x80); // set bits 6-7 to 10
>
> return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
> }
>
> It's really just a representation of random data, whereby 6 bits are used
> for the actual format.
>
I agree.
UUID v4 simply generate random ID and it is good for many purposes.
My concern is portability. OpenSSL(or Mcrypt) is provided as module.
Users tends not to use module functions whenever possible. To address
this issue, OpenSSL could be a module compiled by default.
Security matters for all applications. Compiling OpenSSL by default would
be nice to have.
Any comments?
--
Yasuo Ohgaki
yohgaki@ohgaki.net