Mark Copper wrote: > On Wed, Sep 16, 2009 at 11:25:10AM -0500, Dave Rolsky wrote: >> Practically speaking, the chances of a collision are ridiculously low. MD5 >> is problematic for passwords but for generating unique ids like this, it's >> almost certainly good enough. >> >> Of course, if your application is going trillions+ of sessions per hour, >> maybe it's not suitable ;) >> >> >> -dave > > You're right about that. A table at wikipedia shows the chances of a > collision in a pool of 1 trillion (10^12) randomly generated 128 bit > numbers is about 1 in a trillion. I'd say that is practically 0. > > OTOH, MD5 values aren't quite random and I don't know what that implies > for the chances of a collision. Personally, I'd be happy to halve the > exponent above...
I'm not sure if this is a good idea [perhaps someone else can comment], but for the purpose of a session ID, you could combine MD5 with something like the IP address of the user. Still not perfect since two users might have the same IP address if they are behind the same proxy (I think...)... And it also assumes you aren't interested if the same user returns later under a different IP address... Other options include the date of the initial visit (what are the odds of a trillion visits in one day? :-) ). Ray ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Mason-users mailing list Mason-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mason-users
