Felix Ingram wrote: > On 8/10/06, Jeremy Dunck <[EMAIL PROTECTED]> wrote: > >> Just username+randomstring is good. >> SHA better than md5. >> > > Choice of hashing algorithm means nothing here. The only thing about > SHA is that you'll get a longer string (160 bit rather than 128). > > If all you want is a random string then just use a random string. > > Felix > However, a longer string gives you more unique combinations before you have a collision.
I do agree that one small piece of non-random information will protect you more against duplicates though. That way, if the same random number is generated for two different users, they wouldn't turn out to be the same hash (using either MD5 or SHA). Say we have firstnames and two users get the same random bit added to the firstname when generating their key: paul + 78uyy5jji = ADB01D7112EC1296DB1DFA87E37036B1 (md5) julie + 78uyy5jji = A6EC2D3C8E0C831012F05E7A1EB4E080 Obviously if you only used the random bit, a duplicate key would be created here, both users would end up with the same key: 78uyy5jji = C5E9348386E8DECF6DDC879E7E914B92 Of course, you should use a longer random string than my example here, which would reduce the chances of getting a duplicate, but I still recommend using some part of the user's profile (or even a timestamp) if you're going to use MD5 or SHA. Really, using a 128 bit or 160 bit (recommended) random string is all you need to do, but MD5 and SHA make that step easier. . No matter what you do there is always a chance for a duplicate key to come up (something you should check in your system before assigning), but the longer the key, the less likely that will happen. But too long and your users will hate you. ;) Jay --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---