Generating valid identifiers

Steven D'Aprano steve+comp.lang.python at pearwood.info
Fri Jul 27 03:54:07 CEST 2012


On Thu, 26 Jul 2012 13:28:26 -0600, Ian Kelly wrote:

> The odds of a given pair of identifiers having the same digest to 10 hex
> digits are 1 in 16^10, or approximately 1 in a trillion.

Unless an attacker can select the field names, in which case they may be 
able to improve those odds significantly. In the case of MD5, they can 
possibly improve those odds to 1 in 1, since MD5 is vulnerable to 
collision attacks. Not so for some (all?) of the SHA hashes, at least not 
yet, but they're much more expensive to calculate.

If the OP sticks with his intention to use CRC32, the odds won't be 
anywhere near that low. CRC32 is neither collision-resistant nor 
cryptographically random, and only generates eight hex digits, not ten.


-- 
Steven
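
An added illustration of the digest-width point above (not part of the original message or thread): it computes the birthday bound for 32-bit and 40-bit identifiers, then looks for an accidental CRC32 collision among field names. The function names, the use of SHA-256 as the truncated digest, and the random field names are assumptions constructed for this example.

```python
import hashlib
import math
import random
import zlib


def collision_probability(n, bits):
    """Birthday bound: chance that any two of n names share a bits-wide digest,
    assuming digests are uniformly distributed (no attacker choosing names)."""
    pairs = n * (n - 1) / 2
    return -math.expm1(-pairs / 2 ** bits)


def crc32_id(name):
    """8 hex digits (32 bits), as CRC32 produces."""
    return "%08x" % (zlib.crc32(name.encode("utf-8")) & 0xFFFFFFFF)


def sha256_id(name, hex_digits=10):
    """A cryptographic digest truncated to 10 hex digits (40 bits)."""
    return hashlib.sha256(name.encode("utf-8")).hexdigest()[:hex_digits]


def sample_names(count, seed=2012):
    """Constructed sample input: reproducible random field names."""
    rng = random.Random(seed)
    return ["field_%016x" % rng.getrandbits(64) for _ in range(count)]


def first_collision(names, digest):
    """Return the first pair of distinct names with equal digests, or None."""
    seen = {}
    for name in names:
        d = digest(name)
        if d in seen and seen[d] != name:
            return seen[d], name
        seen[d] = name
    return None


if __name__ == "__main__":
    for bits in (32, 40):
        for n in (2, 10_000, 100_000, 500_000):
            print("%d bits, %7d names: P(collision) = %.3g"
                  % (bits, n, collision_probability(n, bits)))
    names = sample_names(500_000)
    print("CRC32 collision:", first_collision(names, crc32_id))
    print("40-bit SHA-256 collision:", first_collision(names, sha256_id))
```

The bound covers accidental collisions only; names chosen by an attacker fall outside its uniform-digest assumption.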


