As long as some of the private information is not guessable, the output should be impossible for other people to predict. With $N possible output states, if $m and $n are much smaller than $N, then the naive probability that $m guesses manages to match one of $n valid keys is approximately $m*$n/$N. So with 2**64 possible states, you would expect to see collisions between 4 billion states and 4 billion guesses. Drop either of those by an order of magnitude, and you probably have no collisions. Increase by an order of magnitude, and you probably have lots of them.

This estimate is off because it disregards the possibility of multiple collisions, which cannot be discounted if overall a single collision becomes reasonably likely. A substantially less naive approximation uses the Poisson distribution, and says that the probability of a collision is 1 - exp(-$m*$n/$N). This is off becaue it discounts the extent to which $m guesses exhausts the overall search space, which effect in this case affects the result a few decimal places down, but does not matter.

That estimate is therefore the one you should quote in estimating the effort it would take to create a probability of compromising your system.

Personally I would use the 64-bit representation and do a tr to convert the two non-URL safe characters to URL-safe ones. Sure it might be overkill. But it is extra safety for free, why not take it?

In reply to Re (tilly) 1: How safe is truncating an MD5 digest string? by tilly
in thread How safe is truncating an MD5 digest string? by lemmett

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.