in reply to Re: MD5-based Unique Session ID Generator
in thread MD5-based Unique Session ID Generator

Why do you use time 2 times in your list? It will be the same both times.

I assume you are referring to dragonchild's code since the OP doesn't have time in there twice.

It will not matter if the time is the same, the idea is to generate a (sorta) unique string, and it will do that. Once put through md5_hex, it won't much matter after that. MD5 will give you the true uniqueness, all you really need is a bit of entropy to get it started.

-stvn

Re^3: MD5-based Unique Session ID Generator
by pelagic (Priest) on Aug 19, 2004 at 14:59 UTC
    To add "time" a second time does not make the string more unique than with just once "time".
    It makes the theoretical entropy higher but that's not the target here as we are not defending hackers. We just want to avoid collisions. The uniqueness of the id's must be achieved before feeding them through MD5.

    pelagic
      To add "time" a second time does not make the string more unique than with just once "time".

      I agree that adding time the second time really does not add a whole lot to the uniqueness of the string. But what does it hurt?

      The uniqueness of the id's must be achieved before feeding them through MD5.

      Given that it is highly unlikely that two sessions will be created within the same apache child process and less than a second away from one another, just doing $$ . time() would likely be sufficient. But then again, this is not my technique (see below for that).

      -stvn

        You have never seen an apache process reply to more than one request in a second? With Apache status reporting time in the multi ms range, I would not make that assumption. I would at least put a counter in each child to make it unique.

        Or, in the case of Apache, use $ENV{'UNIQUE_ID'} (with the proper configuration, of course).

        --MidLifeXis
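
The collision concern raised in this subthread, as an added example that is not part of the original posts: it generates a burst of IDs inside one frozen second, first with the `$$ . time()` input and then with a per-child counter added. The sub names `naive_id`, `counter_id` and `distinct` are hypothetical, and the frozen timestamp is constructed to simulate several requests hitting one child within the same second.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Scheme discussed above: PID plus wall-clock seconds, hashed with MD5.
# MD5 is deterministic, so identical input always yields an identical ID.
sub naive_id {
    my ($now) = @_;
    return md5_hex($$ . $now);
}

# Variant with a per-process counter, so two requests served by the same
# child in the same second still produce different input strings.
# Fields are joined with ':' so the field boundaries stay unambiguous.
{
    my $counter = 0;

    sub counter_id {
        my ($now) = @_;
        return md5_hex(join ':', $$, $now, ++$counter);
    }
}

# Generate $n IDs with the same timestamp and count how many are distinct.
sub distinct {
    my ($gen, $n, $now) = @_;
    my %seen;
    $seen{ $gen->($now) }++ for 1 .. $n;
    return scalar keys %seen;
}

my $now = time();    # frozen on purpose: simulates a burst within one second
my $n   = 1000;

printf "pid.time only:      %4d distinct IDs out of %d\n",
    distinct(\&naive_id, $n, $now), $n;
printf "pid, time, counter: %4d distinct IDs out of %d\n",
    distinct(\&counter_id, $n, $now), $n;
```

The counter only separates IDs within one process on one host; it does nothing for uniqueness across machines that share a PID and timestamp.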

Re^3: MD5-based Unique Session ID Generator
by Anonymous Monk on Jun 07, 2005 at 20:19 UTC
    If we're talking about getting entropy, why don't we go with a better entropy source than the minor disparity between the two calls to time, which at MOST will vary by one digit, which is not very entropic? Why don't you just call hotbits and grab some radioactive decay data in hex format, break it apart and loop over it to give us some real entropy? That WILL decidedly minimize the chance of collisions. Since you're already acting against data returned by Sys::Hostname, this should be right up the alley of what you're doing.