On Wed, Sep 16, 2009 at 11:25:10AM -0500, Dave Rolsky wrote: > On Wed, 16 Sep 2009, Mark Copper wrote: > > > On Tue, Sep 15, 2009 at 06:27:45PM -0400, Perrin Harkins wrote: > >> On Tue, Sep 15, 2009 at 11:54 AM, Mark Copper > >> <mcop...@titaninterface.com> wrote: > >>> My question: ?Is there a guarantee that two separately generated cookies > >>> are different? ?Or is it just probable? > >> > >> You're asking about the uniqueness of the IDs in the cookies? Since > >> you chose Apache::Session::MySQL, you can look at the code for that > >> class and see that it uses Apache::Session::Generate::MD5, which you > >> can also see the code for. It does not guarantee uniqueness. You can > >> switch to one of the other Apache::Session::Generate:: subclasses if > >> you like. Read the Apache::Session documentation for more. > >> > >> - Perrin > > > > Hi Perrin, > > > > Yes, I wanted to know whether two trips through > > tie %session, 'Apache::Session::MySQL'; > > $id = $session{_session_id}; > > > > was sure to give two different id's. > > > > And yes, I was having trouble with the docs. Thank you for your help. > > > > So the answer to my question is "no". In fact, MD5 is not considered > > "collision resistant". > > Practically speaking, the chances of a collision are ridiculously low. MD5 > is problematic for passwords but for generating unique ids like this, it's > almost certainly good enough. > > Of course, if your application is going trillions+ of sessions per hour, > maybe it's not suitable ;) > > > -dave
You're right about that. A table at wikipedia shows the chances of a collision in a pool of 1 trillion (10^12) randomly generated 128 bit numbers is about 1 in a trillion. I'd say that is practically 0. OTOH, MD5 values aren't quite random and I don't know what that implies for the chances of a collision. Personally, I'd be happy to halve the exponent above... Mark ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Mason-users mailing list Mason-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mason-users