uniqid有多独特? [英] How unique is uniqid?

问题描述

这个问题实际上并不是寻找解决方案的问题，它只是出于简单的好奇心而已. PHP uniqid函数具有一个更熵的标志，以使输出更唯一".这让我想知道，当more_entropy为true时(而不是true时)，此函数多次产生相同结果的可能性有多大.换句话说，启用more_entropy时与禁用时相比，uniqid的唯一性如何?始终启用more_entropy是否有任何弊端?

This question isn't really a problem looking for a solution, it's more just a matter of simple curiosity. The PHP uniqid function has a more entropy flag, to make the output "more unique". This got me wondering, just how likely is it for this function to produce the same result more than once when more_entropy is true, versus when it isn't. In other words, how unique is uniqid when more_entropy is enabled, versus when it is disabled? Are there any drawbacks to having more_entropy enabled all the time?

推荐答案

更新，2014年3月:

首先，必须注意uniqid有点用词不当，因为它不能保证唯一的ID.

Firstly, it is important to note that uniqid is a bit of a misnomer as it doesnt guarantee a unique ID.

根据 PHP文档:

警告！

此函数不会创建随机或不可预测的字符串.这 该功能不得用于安全目的.密码使用 安全随机函数/生成器和加密安全哈希 用于创建不可预测的安全ID的功能.

This function does not create random nor unpredictable string. This function must not be used for security purposes. Use cryptographically secure random function/generator and cryptographically secure hash functions to create unpredictable secure ID.

还有

此功能不会在以下情况下生成加密安全令牌: 实际上没有传递任何其他参数的返回值 与 microtime()几乎没有什么不同.如果您需要生成 加密安全令牌使用 openssl_random_pseudo_bytes().

This function does not generate cryptographically secure tokens, in fact without being passed any additional parameters the return value is little different from microtime(). If you need to generate cryptographically secure tokens use openssl_random_pseudo_bytes().

---

根据文档将更多熵设置为true会生成更唯一的值，但是执行时间更长(虽然程度很小):

---

Setting more-entropy to true generates a more unique value, however the execution time is longer (though to a tiny degree), according to the docs:

如果设置为TRUE，则uniqid()将添加其他熵(使用 返回末尾的组合线性同余生成器) 值，从而增加了结果唯一的可能性.

If set to TRUE, uniqid() will add additional entropy (using the combined linear congruential generator) at the end of the return value, which increases the likelihood that the result will be unique.

请注意第increases the likelihood that the result will be unique行，并非这行会保证唯一性.

Note the line increases the likelihood that the result will be unique and not that is will guarantee uniqueness.

您可以无限地"争取唯一性，并使用任意数量的加密例程进行增强，添加盐之类的东西-取决于目的.

You can 'endlessly' strive for uniqueness, up to a point, and enhance using any number of encryption routines, adding salts and the like- it depends on the purpose.

我建议您查看有关PHP主要主题的评论，尤其是:

I'd recommend looking at the comments on the main PHP topic, notably:

http://www.php.net/manual/zh/function.uniqid.php#96898

http://www.php.net/manual/zh/function.uniqid.php#96549

http://www.php.net/manual/zh/function.uniqid.php#95001

我建议您解决为什么需要唯一性，这是出于安全性(即添加到加密/加扰例程中)吗?另外，如何必须是唯一的?最后，看一下速度注意事项.适应性将随着潜在的考虑因素而改变.

What I'd recommend is working out why you need uniqueness, is it for security (i.e. to add to an encryption/scrambling routine)? Also, How unique does it need to be? Finally, look at the speed consideration. Suitability will change with the underlying considerations.

这篇关于uniqid有多独特?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！