Re: [Mason] unique cookies from WithApacheSession

Wed, 16 Sep 2009 10:48:08 -0700 

On Wed, Sep 16, 2009 at 11:25:10AM -0500, Dave Rolsky wrote:
> On Wed, 16 Sep 2009, Mark Copper wrote:
> 
> > On Tue, Sep 15, 2009 at 06:27:45PM -0400, Perrin Harkins wrote:
> >> On Tue, Sep 15, 2009 at 11:54 AM, Mark Copper
> >> <mcop...@titaninterface.com> wrote:
> >>> My question: ?Is there a guarantee that two separately generated cookies
> >>> are different? ?Or is it just probable?
> >>
> >> You're asking about the uniqueness of the IDs in the cookies?  Since
> >> you chose Apache::Session::MySQL, you can look at the code for that
> >> class and see that it uses Apache::Session::Generate::MD5, which you
> >> can also see the code for.  It does not guarantee uniqueness.  You can
> >> switch to one of the other Apache::Session::Generate:: subclasses if
> >> you like.  Read the Apache::Session documentation for more.
> >>
> >> - Perrin
> >
> > Hi Perrin,
> >
> > Yes, I wanted to know whether two trips through
> >  tie %session, 'Apache::Session::MySQL';
> >  $id = $session{_session_id};
> >
> > was sure to give two different id's.
> >
> > And yes, I was having trouble with the docs.  Thank you for your help.
> >
> > So the answer to my question is "no".  In fact, MD5 is not considered
> > "collision resistant".
> 
> Practically speaking, the chances of a collision are ridiculously low. MD5 
> is problematic for passwords but for generating unique ids like this, it's 
> almost certainly good enough.
> 
> Of course, if your application is going trillions+ of sessions per hour, 
> maybe it's not suitable ;)
> 
> 
> -dave

You're right about that.  A table at wikipedia shows the chances of a
collision in a pool of 1 trillion (10^12) randomly generated 128 bit
numbers is about 1 in a trillion.  I'd say that is practically 0.

OTOH, MD5 values aren't quite random and I don't know what that implies
for the chances of a collision.  Personally, I'd be happy to halve the
exponent above...

Mark
    

------------------------------------------------------------------------------
Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9&#45;12, 2009. Register now&#33;
http://p.sf.net/sfu/devconf
_______________________________________________
Mason-users mailing list
Mason-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mason-users

Reply via email to