Am 14.11.2012 01:26, schrieb Chris Kaynor: > One option would be using a hash. Python's built-in hash, a 32-bit > CRC, 128-bit MD5, 256-bit SHA or one of the many others that exist, > depending on the needs. Higher bit counts will reduce the odds of > accidental collisions; cryptographically secure ones if outside > attacks matter. In such a case, you'd have to roll your own means of > converting the hash back into the string if you ever need it for > debugging, and there is always the possibility of collisions. A > similar solution would be using a pseudo-random GUID using the url as > the seed.
A hash is the wrong answer to the issue as a hash is open to all sorts of attack vectors like length extension attack. If Robert needs to ensure any kind of collision resistance than he needs a MAC, for example a HMAC with a secret key. If he needs some kind of persistent identifier than some like a URN or DOI may be a better answer. Christian -- http://mail.python.org/mailman/listinfo/python-list