Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generated route names are prone to collision #60

Closed
vlakoff opened this issue Jul 30, 2023 · 1 comment
Closed

Generated route names are prone to collision #60

vlakoff opened this issue Jul 30, 2023 · 1 comment

Comments

@vlakoff
Copy link

vlakoff commented Jul 30, 2023

Coming from ded968e#commitcomment-123084859:

10 hexadecimal characters have an entropy of 40 bits. That is very low (for perspective, only barely above CRC32, which is very prone to collision).
I would suggest to slightly raise the number of characters.

(see the 2nd table at https://en.wikipedia.org/wiki/Password_strength#Random_passwords)

Excerpt from the mentioned table:

Entropy Hexadecimal chars
8 bits 2
32 bits 8
40 bits 10
64 bits 16
80 bits 20
96 bits 24
128 bits 32
160 bits 40
192 bits 48
224 bits 56
256 bits 64

As you can see at the bottom of this article, 32-bit is insanely low:

Hash Collision Probabilities

Therefore, I would recommend no less than 16 characters (entropy of 64 bits).
@nunomaduro
Copy link
Member

Thank you for suggesting this change. Do you mind submitting a pull request to this file for the change you wish to see? Thank you again for bringing this to our attention!

folio/src/MountPath.php

Line 27 in ded968e

return 'folio-'.substr(sha1($this->baseUri), 0, 10);

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vlakoff @nunomaduro