On Oct 27, 10:53 am, "Nick Johnson (Google)" <[email protected]> wrote: > Collision attacks on MD5 have been found, yes. But a collision attack > requires the attacker to specify both strings, and currently at least, > requires them to be at least 128 bytes long, and makes no guarantee about > human readability. A preimage attack, which would find a plaintext that > hashes to the same value as a given hash, has not been found - and in any > case, the plaintext would not be the same as the input one.
ah, ok - Seems I haven't fully understood the articles, I've read. I was not aware, that the collissions only happen for input that is >= 128 bytes. So: I agree, that using an MD5 hash in this case is sufficiently random. but since I'm quite paranoid, I won't use it :) although I am well aware that any app. I wrote and will write has a lot of other far more serious security related problems than this one :) On Oct 27, 12:09 pm, Tim Hoffman <[email protected]> wrote: > Becuase the problem comes down to definining a unique id, using one of > the various UUID methods will work (an most then use something > unique like a email address, randome seed, and time) anything that > requires incrementing a counter to provide a unique id will then > require sharding counters > if you creating them rapidly. hmm.. I'm talking about unique long keys, that the datastore assigns when an entity is created: e.g. see IdGeneratorStrategy.IDENTITY in http://tinyurl.com/yg99p35 so creating a unique id is not a problem (at least not for me, but for the datastore) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
