Generating Unique Keys
Paul Rubin
phr-n2003b at NOSPAMnightsong.com
Tue Jan 28 15:45:21 EST 2003
More information about the Python-list mailing list
Tue Jan 28 15:45:21 EST 2003
- Previous message (by thread): Generating Unique Keys
- Next message (by thread): Generating Unique Keys
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
trevp at trevp.net (Trevor Perrin) writes: > I think that's a little iffy - SHA1 has a "length extension" property, > where if you know h(m) for some message m that's a multiple of the > block length (64 bytes in this case) you can compute h(m+x) (i.e. m > with x appended). So if one of your unique integers was a prefix of > another, and your secret_prefix was the right size, you'd be in > trouble. It would be better to use hmac-sha1 with the secret_prefix > as the key. We're talking about ordinary 32-bit integers, so it would take a difficult combination of circumstances to make that attack work, but yeah, using hmac would remove the issue. > And it would be better to generate the secret_prefix as a good > random number on system startup, not bake it into a configuration. If you've got a source of good random numbers, you can just use them directly as tokens and not need this hashing stuff.
- Previous message (by thread): Generating Unique Keys
- Next message (by thread): Generating Unique Keys
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list