Small optimizaions to random id generation

Use serialize instead of implode to add a bit more variance, since the location of array entries in the shuffled array (for now, only sys_getloadavg()) can vary. Add more random inputs (memory usage, Hash ID) Use SHA1 instead of MD5 - since we need a 23 character string, MD5 only gets us 22 base64 chars so using a random value from mt_rand() was only providing 10 bytes of randomness in the 23rd char.
horde · Feb 20, 2015 · b2c3ec0 · b2c3ec0
1 parent f096ea0
commit b2c3ec0
Showing 1 changed file with 10 additions and 7 deletions.
diff --git a/framework/Support/lib/Horde/Support/Randomid.php b/framework/Support/lib/Horde/Support/Randomid.php
@@ -36,20 +36,23 @@ public function __construct()
      */
     public function generate()
     {
-        $r = mt_rand();
-
         $elts = array(
-            $r,
             uniqid(),
-            getmypid()
+            mt_rand(),
+            getmypid(),
+            spl_object_hash($this)
         );
         if (function_exists('zend_thread_id')) {
             $elts[] = zend_thread_id();
         }
         if (function_exists('sys_getloadavg') &&
-            $loadavg = sys_getloadavg()) {
+            ($loadavg = sys_getloadavg())) {
             $elts = array_merge($elts, $loadavg);
         }
+        if (function_exists('memory_get_usage')) {
+            $elts[] = memory_get_usage();
+            $elts[] = memory_get_peak_usage();
+        }
 
         shuffle($elts);
 
@@ -58,8 +61,8 @@ public function generate()
         return substr(str_replace(
             array('/', '+', '='),
             array('-', '_', ''),
-            base64_encode(pack('H*', hash('md5', implode('', $elts))))
-        ) . $r, 0, 23);
+            base64_encode(hash('sha1', serialize($elts), true))
+        ), 0, 23);
     }
 
     /**