On Mon, Feb 3, 2014 at 9:13 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:
> Hi Tjerk,
>
> On Mon, Feb 3, 2014 at 8:55 AM, Tjerk Meesters <tjerk.meesters@gmail.com>wrote:
>
>> I think it would be good enough to have only uuid v4:
>>
>> function uuidv4()
>> {
>> $data = openssl_random_pseudo_bytes(16); // or whatever
>>
>> $data[6] = chr(ord($data[6]) & 0x0f | 0x40); // set version to 0010
>> $data[8] = chr(ord($data[8]) & 0x3f | 0x80); // set bits 6-7 to 10
>>
>> return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
>> }
>>
>> It's really just a representation of random data, whereby 6 bits are used
>> for the actual format.
>>
>
> I agree.
> UUID v4 simply generate random ID and it is good for many purposes.
>
> My concern is portability. OpenSSL(or Mcrypt) is provided as module.
> Users tends not to use module functions whenever possible. To address
> this issue, OpenSSL could be a module compiled by default.
>
You could simply choose between php_win32_get_random_bytes() (Windows) or
reading directly from /dev/xrandom. Ultimately you have to be prepared to
supplement the data (partially or fully) with calls to php_rand().
> Security matters for all applications. Compiling OpenSSL by default would
> be nice to have.
>
> Any comments?
>
> --
> Yasuo Ohgaki
> yohgaki@ohgaki.net
>
>
--
--
Tjerk