ansaurus

Question

How to create uniqe key value in PHP?

Answer 1

+5 A:

Try uniqid() http://php.net/manual/en/function.uniqid.php

If you can use pecl you can try this module: http://pecl.php.net/package/uuid

Theres also something if you use Ubuntu in your web server: http://code.google.com/p/php-uuid/

Kamil Szot 2010-03-10 00:49:57

UUID is what he wants to use, there are custom functions he can use in the uniqid() comments.

TravisO 2010-03-10 01:00:11

-1: uniqid(), while unique, is too predictable to be used in a security context.

Andrew Moore 2010-03-10 01:04:03

@Andrew, who said anything about security context?

Mike Sherov 2010-03-10 01:14:20

@Mike Sherov: The term **key** is used in the question, versus **id**. **Key** implies that the value will be used for security purposes.

Andrew Moore 2010-03-10 01:15:40

key could also be a database key or a memcache key or a registry key...not necessarily security related

Jay Paroline 2010-03-10 02:11:19

Answer 2

A:

Code

$rand_val = md5(uniqid() + mt_rand());

Doc
mt_rand()
md5
uniqid

Disclaimer
There is a theoretical chance of collision, but not likely. The combination of uniqid and mt_rand() should make it unguessable enough for what ever use there may be. Though this results in a 32 char long string.

(Edited after constructive comments)

MyGGaN 2010-03-10 00:51:22

MD5 is a bit limiting, he can't be sure it's truly unique, and rubbing a substr, this looks like a very poor copycat of UUID, which are superior to what you're doing.

TravisO 2010-03-10 01:01:04

-1: Theoretical collision chance? Highly probable... mt_rand() generates a number between 0 and mt_getrandmax(), which is 2147483647 on most systems. This means only 2147483647 possible values.

Andrew Moore 2010-03-10 01:03:15

Well the subsrt() was b/c he clearly stated 20-30 chars. Agree that is doesn't look nice but why not 32 chars?

MyGGaN 2010-03-10 01:03:39

Answer 3

A:

Use uniqueid()

string uniqid ([ string $prefix = "" [, bool $more_entropy = false ]] )

Although if it's unique, I don't know why you have a minimum length requirement.

Spike 2010-03-10 00:52:03

-1: uniqid(), while unique, is too predictable to be used in a security context.

Andrew Moore 2010-03-10 01:05:17

@Andrew Moore - Where does the question say anything about a security context?

Eli 2010-03-10 01:13:10

@Mike Sherov: The term **key** is used in the question, versus **id**. **Key** implies that the value will be used for security purposes.

Andrew Moore 2010-03-10 01:16:09

Or a map. Or a database.

Spike 2010-03-10 21:37:04

Answer 4

A:

You are looking for an encryption key?

Do not use uniqid() in any context where security is involved. It is too predictable to be used in such context.

The PEAR::Crypt_RSA package allows you to generate cryptographically strong keys in PHP. Once installed in your local PEAR install, you may use it to generate a key as follows:

require_once 'Crypt/RSA.php';

// Creates a 96-bit key, which is 24 hex chars long
$key_pair = new Crypt_RSA_KeyPair(96);

//Returns public key from the pair
$public_key = $key_pair->getPublicKey();

//Returns private key from the pair
$private_key = $key_pair->getPrivateKey();

UUID's may also be good for your goal. Here is a class which will generate standard-compliant UUIDs on all systems:

<?php

/**
 * UUID generator class
 *
 * Generates valid RFC 4211 compliant Universally Unique IDentifiers (UUID) version 3, 4 and 5. 
 * UUIDs generated validate using the OSSP UUID Tool, and the output for named-based UUIDs are 
 * exactly the same. This is a pure PHP implementation.
 *
 * Usage:
 * 
 *   Name-based UUID:
 *
 *     $v3uuid = UUID::v3('1546058f-5a25-4334-85ae-e68f2a44bbaf', 'SomeRandomString');
 *     $v5uuid = UUID::v5(UUID::NS_URL, 'http://www.google.com/');
 *
 *   Pseudo-random UUID:
 *
 *     $v4uuid = UUID::v4();
 *
 *
 * Originally found at: http://www.php.net/manual/en/function.uniqid.php#94959
 *
 * @author Andrew Moore 
 *
 *
 * Modifications made by Henry Merriam <[email protected]> on 2009-12-20:
 *
 *   + Added constants for predefined namespaces as defined in RFC 4211 Appendix C.
 *     + NS_DNS
 *     + NS_URL
 *     + NS_ISO_UID
 *     + NS_X500_DN
 *
 *   + Wrote this documentation comment.
 *
 */
class UUID {

    const NS_DNS     = '6ba7b810-9dad-11d1-80b4-00c04fd430c8'; // FQDN
    const NS_URL     = '6ba7b811-9dad-11d1-80b4-00c04fd430c8'; // URL
    const NS_ISO_OID = '6ba7b812-9dad-11d1-80b4-00c04fd430c8'; // ISO OID
    const NS_X500_DN = '6ba7b814-9dad-11d1-80b4-00c04fd430c8'; // X.500 DN (in DER or a text output format)

    public static function v3($namespace, $name) {

        if(!self::is_valid($namespace)) return false;

        // Get hexadecimal components of namespace
        $nhex = str_replace(array('-','{','}'), '', $namespace);

        // Binary Value
        $nstr = '';

        // Convert Namespace UUID to bits
        for($i = 0; $i < strlen($nhex); $i+=2) {
            $nstr .= chr(hexdec($nhex[$i].$nhex[$i+1]));
        }

        // Calculate hash value
        $hash = md5($nstr . $name);

        // Format and return UUID
        return sprintf('%08s-%04s-%04x-%04x-%12s',

            // 32 bits for "time_low"
            substr($hash, 0, 8),

            // 16 bits for "time_mid"
            substr($hash, 8, 4),

            // 16 bits for "time_hi_and_version",
            // four most significant bits holds version number 3
            (hexdec(substr($hash, 12, 4)) & 0x0fff) | 0x3000,

            // 16 bits, 8 bits for "clk_seq_hi_res",
            // 8 bits for "clk_seq_low",
            // two most significant bits holds zero and one for variant DCE1.1
            (hexdec(substr($hash, 16, 4)) & 0x3fff) | 0x8000,

            // 48 bits for "node"
            substr($hash, 20, 12)
        );

    }

    public static function v4() {

        return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',

            // 32 bits for "time_low"
            mt_rand(0, 0xffff), mt_rand(0, 0xffff),

            // 16 bits for "time_mid"
            mt_rand(0, 0xffff),

            // 16 bits for "time_hi_and_version",
            // four most significant bits holds version number 4
            mt_rand(0, 0x0fff) | 0x4000,

            // 16 bits, 8 bits for "clk_seq_hi_res",
            // 8 bits for "clk_seq_low",
            // two most significant bits holds zero and one for variant DCE1.1
            mt_rand(0, 0x3fff) | 0x8000,

            // 48 bits for "node"
            mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
        );

    }

    public static function v5($namespace, $name) {

        if(!self::is_valid($namespace)) return false;

        // Get hexadecimal components of namespace
        $nhex = str_replace(array('-','{','}'), '', $namespace);

        // Binary Value
        $nstr = '';

        // Convert Namespace UUID to bits
        for($i = 0; $i < strlen($nhex); $i+=2) {
            $nstr .= chr(hexdec($nhex[$i].$nhex[$i+1]));
        }

        // Calculate hash value
        $hash = sha1($nstr . $name);

        // Format and return UUID
        return sprintf('%08s-%04s-%04x-%04x-%12s',

            // 32 bits for "time_low"
            substr($hash, 0, 8),

            // 16 bits for "time_mid"
            substr($hash, 8, 4),

            // 16 bits for "time_hi_and_version",
            // four most significant bits holds version number 5
            (hexdec(substr($hash, 12, 4)) & 0x0fff) | 0x5000,

            // 16 bits, 8 bits for "clk_seq_hi_res",
            // 8 bits for "clk_seq_low",
            // two most significant bits holds zero and one for variant DCE1.1
            (hexdec(substr($hash, 16, 4)) & 0x3fff) | 0x8000,

            // 48 bits for "node"
            substr($hash, 20, 12)
        );

    }

    public static function is_valid($uuid) {
        return preg_match('/^\{?[0-9a-f]{8}\-?[0-9a-f]{4}\-?[0-9a-f]{4}\-?'.
            '[0-9a-f]{4}\-?[0-9a-f]{12}\}?$/i', $uuid) === 1;
    }

}

Do not use uniqid() in any context where security is involved. It is too predictable to be used in such context.

Andrew Moore 2010-03-10 00:53:22

If you are going to downvote, leave a comment.

Andrew Moore 2010-03-10 01:06:21

I'm not the downvote, but who said anything about a security context?

Mike Sherov 2010-03-10 01:15:09

@Mike Sherov: The term **key** is used in the question, versus **id**. **Key** implies that the value will be used for security purposes.

Andrew Moore 2010-03-10 01:16:38

-1: This is not a "simple" way of getting a unique key.The requirements was simple and unique.

MyGGaN 2010-03-10 01:17:08

@MyGGaN: The requirements are for generating a **key**, not an **id**. Those are two different things. An **id** is simply a mean to uniquely identify an object and has no real security implications. A **key** is a randomly generated secret used for security purposes.

Andrew Moore 2010-03-10 01:18:17

so PHP's array_keys() have what to do with security?

MyGGaN 2010-03-10 01:18:53

@MyGGaN: Those are array keys... I don't see anything about arrays above.

Andrew Moore 2010-03-10 01:20:01

Answer 5

A:

this will create a unique id for you which is at least 20 chars long

$id = '';
while(strlen($id) < 20)
{
   $id .= uniqid();
}

henchman 2010-03-10 00:54:18

-1: uniqid(), while unique, is too predictable to be used in a security context.

Andrew Moore 2010-03-10 01:04:58

ansaurus

tags:

views:

answers:

How to create uniqe key value in PHP?

related questions