Re: Generating unique session ids

Skip site navigation (1) Skip section navigation (2)

Peripheral Links

Text Size: Normal / Large
Donate
Contact

Header And Logo

The world's most advanced open source database.

Site Navigation

Re: Generating unique session ids

From: Chris Mair <list(at)1006(dot)org>
To: Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Generating unique session ids
Date: Thu, 27 Jul 2006 15:34:16 +0200

> > SELECT md5('secret_salt' || nextval('my_seq')::text)
> 
> * When somebody knows md5('secret_salt' || '5') he will be able to
> easily compute
> 	md5('secret_salt' || '50')
> 	md5('secret_salt' || '51')
> 	md5('secret_salt' || '52')
> 	...
> 	md5('secret_salt' || '59')
> 	md5('secret_salt' || '500')
> 	md5('secret_salt' || '501')
> 	...
> 	md5('secret_salt' || '[any number starting from 5]').
> Without knowledge of 'secret_salt'. So your proposal is totally
> insecure.

Challenge :)

chris=> select md5('******' || '5');
               md5
----------------------------------
 7b076f591070f6912e320b95782250ae
(1 row)

I won't tell what '******' was.

Can you send me what md5('******' || '50') will give?

Bye,
Chris.

References:
- Generating unique session ids
  - From: Antimon
- Re: Generating unique session ids
  - From: Tom Lane
- Re: Generating unique session ids
  - From: Tomasz Ostrowski
- Re: Generating unique session ids
  - From: Lexington Luthor
- Re: Generating unique session ids
  - From: Tomasz Ostrowski

Prev by Date: Re: Generating unique session ids
Next by Date: Re: Generating unique session ids
Previous by thread: Re: Generating unique session ids
Next by thread: Re: Generating unique session ids
Indexes:
- Main
- Thread

Home | Main Index | Thread Index

Search

Peripheral Links

Header And Logo

Site Navigation

Section Navigation

Re: Generating unique session ids

Search for
	Advanced Search