Generating valid identifiers
steve+comp.lang.python at pearwood.info
Fri Jul 27 03:54:07 CEST 2012
On Thu, 26 Jul 2012 13:28:26 -0600, Ian Kelly wrote:
> The odds of a given pair of identifiers having the same digest to 10 hex
> digits are 1 in 16^10, or approximately 1 in a trillion.
Unless an attacker can select the field names, in which case they may be
able to improve those odds significantly. In the case of MD5, they can
possibly improve those odds to 1 in 1, since MD5 is vulnerable to
collision attacks. Not so for some (all?) of the SHA hashes, at least not
yet, but they're much more expensive to calculate.
If the OP sticks with his intention to use CRC32, the odds won't be
anywhere near that low. CRC32 is neither collision-resistant nor
cryptographically random, and only generates eight hex digits, not ten.
More information about the Python-list