Better RedLock token

[mvorisek]

improve redis token entropy and make the token hexadecimal (easier to debug)

[willemstuursma]

Thank you. This does not improve the entropy of the token.

I'll take a PR that uses binhex() on the binary data, I understand that it is useful to have a human readable token.

[mvorisek]

@willemstuursma

• random_bytes is supposed to be good enough even cryptographically safe entropy. Adding a microtime, which we READ ANYWAY a few lines before, can not worse it.
• if binhex() on binary data is ok with you, then hashing the input to hex should be fine too

[willemstuursma]

Hi @mvorisek.

There is no reason to add the microtime to the input of the hashing function.
There is no reason to use a hashing function instead of converting the random bytes to a human readable value directly.

A change should have a good reason behind it. Else it the change is arbitrary and I prefer my own over yours.

I already explained that a PR that does binhex() only is acceptable to me. That has a clear reason, e.g. to make the tokens human readable when debugging.

[mvorisek]

@willemstuursma ok, updated

[willemstuursma]

Thanks.

It is not breaking locking compatibility between versions, so it can go in a minor release.