Generating Unique Keys
Paul Rubin
phr-n2003b at NOSPAMnightsong.com
Tue Jan 28 15:45:21 EST 2003
trevp at trevp.net (Trevor Perrin) writes:

> I think that's a little iffy - SHA1 has a "length extension" property,
> where if you know h(m) for some message m that's a multiple of the
> block length (64 bytes in this case) you can compute h(m+x) (i.e. m
> with x appended). So if one of your unique integers was a prefix of
> another, and your secret_prefix was the right size, you'd be in
> trouble. It would be better to use hmac-sha1 with the secret_prefix
> as the key.

We're talking about ordinary 32-bit integers, so it would take a
difficult combination of circumstances to make that attack work,
but yeah, using hmac would remove the issue.

> And it would be better to generate the secret_prefix as a good
> random number on system startup, not bake it into a configuration.

If you've got a source of good random numbers, you can just use them
directly as tokens and not need this hashing stuff.
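
Added example, not part of the original post or thread: a sketch of the two options discussed above, HMAC-SHA1 keyed with a secret generated at startup, and purely random tokens. The function names, the 4-byte big-endian encoding of the integer and the 32-byte key length are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import struct

# Assumption: the key is drawn from the OS CSPRNG once at process start
# and lives only in memory, rather than being baked into a config file.
SECRET_KEY = secrets.token_bytes(32)


def encode_id(n: int) -> bytes:
    """Encode a 32-bit unsigned integer as exactly 4 bytes (big-endian).

    A fixed width means no encoded id is a prefix of another, unlike
    decimal strings where "12" is a prefix of "123".
    """
    if not 0 <= n <= 0xFFFFFFFF:
        raise ValueError("id must fit in 32 bits")
    return struct.pack(">I", n)


def make_token(n: int, key: bytes = SECRET_KEY) -> str:
    """Derive a token from n with HMAC-SHA1.

    HMAC's nested construction is not subject to the length-extension
    property of a bare sha1(secret_prefix + message).
    """
    return hmac.new(key, encode_id(n), hashlib.sha1).hexdigest()


def check_token(n: int, token: str, key: bytes = SECRET_KEY) -> bool:
    """Verify a presented token in constant time."""
    try:
        supplied = token.encode("ascii")
    except UnicodeEncodeError:
        return False
    expected = make_token(n, key).encode("ascii")
    return hmac.compare_digest(expected, supplied)


def random_token(nbytes: int = 16) -> str:
    """The alternative from the reply: use good random bytes directly.

    Such a token has no relation to any id, so the application must
    store it in order to recognise it later.
    """
    return secrets.token_hex(nbytes)
```

The HMAC variant lets the server recompute and check a token from the integer alone; the random variant needs a lookup table but no hashing.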