From 5ce6eb403fb6e71d3eb1860c4d53dd5c869d4108 Mon Sep 17 00:00:00 2001
From: Paul Reinheimer
Date: Thu, 3 May 2012 21:59:33 +0000
Subject: [PATCH] - Adding note about how uniqid() isn't a way to generate cryptographically secure tokens, and pointing users towards the openssl stuff.
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@325524 c90b9560-bf6c-de11-be94-00142212c4b1
---
 reference/misc/functions/uniqid.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/reference/misc/functions/uniqid.xml b/reference/misc/functions/uniqid.xml
index cf1e1067b1..51c608a45a 100644
--- a/reference/misc/functions/uniqid.xml
+++ b/reference/misc/functions/uniqid.xml
@@ -124,12 +124,22 @@ printf("uniqid('', true): %s\r\n", uniqid('', true));
 &reftitle.notes;
+
+
+ This function does not generate cryptographically secure tokens,
+ in fact without being passed any additional parameters the return
+ value is little different from microtime. If
+ you need to generate cryptographically secure tokens use
+ openssl_random_psuedo_bytes.
+
+
 Under Cygwin, the more_entropy must be set to &true; for this function to work.
+