Salt has a maximum effective length #88

Closed
martyf opened this issue May 2, 2017 · 3 comments

martyf commented May 2, 2017

I've found that the salt has a maximum effective length.

The below example shows the issue.

$salt is a 24 character string.

The first example makes it 25 characters by adding "1" to the end.

But both encodes return the same hashid.

If you remove the

```php
use Hashids\Hashids;

$minLength = 12;
$alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';

$salt = 'abcdefghijklmnopqrstuvyx';

$hashids = new Hashids($salt.'1', $minLength, $alphabet);
echo $hashids->encode(1); // 7nmz3e834jeg

$hashids = new Hashids($salt, $minLength, $alphabet);
echo $hashids->encode(1); // 7nmz3e834jeg
```

Given the salt for both of these is different, I would expect that they encode to different results.

If the salt has a maximum effective length, I would expect the library to communicate that somehow (error, exception) but there's no trace of anything being wrong.

What this then leads to is different salts creating the same encode.

Removing the custom alphabet removes the issue in this example, however it appears again with a longer salt:

```php
$minLength = 12;
$salt = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRST';

$hashids = new Hashids($salt.'1', $minLength);
echo $hashids->encode(1); // 5qzGLO5gDYvr

$hashids = new Hashids($salt.'', $minLength);
echo $hashids->encode(1); // 5qzGLO5gDYvr
```

Removing the $minLength creates the same issue:

```php
$salt = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRST';

$hashids = new Hashids($salt.'1');
echo $hashids->encode(1); // O5

$hashids = new Hashids($salt.'');
echo $hashids->encode(1); // O5
```

With all of this in mind, what should our considerations be when choosing a salt?


ascmove commented Jun 13, 2017

That's fine

Author

martyf commented Jun 14, 2017

It may be "fine", but it needs to be documented (or explained).

The docs don't talk about length of the salt - in my system, given I have different object types, that makes up part of the salt (as well as a random string for each project) - but this is where the length became an issue. To avoid duplicate IDs (i.e. 1 for Object A = 1 from Object B), each salt takes into account the class name that it is for. So I had to find a way to keep it unique across each project and each object type, while keeping the salt length short.

But the docs should still be updated to make reference to a maximum length for the salt.

Owner

vinkla commented Jul 13, 2017

Thanks for the suggestion about updating the documentation. Any pull request you send our way we'll take a look at. I'll close this in the meantime.
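
The collisions reported in this issue are consistent with a shuffle that reads one salt character per alphabet position. The following added example (not from the thread or the Hashids code base) re-implements that shuffle from the published Hashids algorithm, which is an assumption since the page does not show the library source, and pairs it with a hypothetical `deriveSalt()` helper that folds a project secret and class name into a short salt. The alphabet, secret and class names are constructed.

```php
<?php
// Added example; not code from the issue thread or from the Hashids project.

// Salt-driven shuffle re-implemented from the published Hashids algorithm
// (assumption: the page itself does not show the library source).
function consistentShuffle(string $alphabet, string $salt): string
{
    $saltLen = strlen($salt);
    if ($saltLen === 0) {
        return $alphabet;
    }
    // One salt character is read per pass and there are strlen($alphabet) - 1
    // passes; the final pass (i = 1) always yields j = 0. Once the salt holds
    // strlen($alphabet) - 2 characters, anything appended changes nothing.
    for ($i = strlen($alphabet) - 1, $v = 0, $p = 0; $i > 0; $i--, $v++) {
        $v %= $saltLen;
        $int = ord($salt[$v]);
        $p += $int;
        $j = ($int + $v + $p) % $i;
        $tmp = $alphabet[$j];
        $alphabet[$j] = $alphabet[$i];
        $alphabet[$i] = $tmp;
    }
    return $alphabet;
}

// Hypothetical helper: fold project secret and class name into a short salt,
// so the class name influences every character instead of only the tail.
function deriveSalt(string $projectSecret, string $className, int $length = 16): string
{
    return substr(hash_hmac('sha256', $className, $projectSecret), 0, $length);
}

// Constructed sample values.
$alphabet = 'abcdefghijklmnopqrstuvwxyz';
$secret   = 'project-secret-0123456789-abcdefghij';
$classes  = ['App\\Models\\Invoice', 'App\\Models\\Order'];

// Concatenated salts differ only after the prefix the shuffle actually reads.
$naive = array_map(fn ($c) => consistentShuffle($alphabet, $secret . $c), $classes);
// Derived salts differ from the first character on.
$derived = array_map(fn ($c) => consistentShuffle($alphabet, deriveSalt($secret, $c)), $classes);

var_dump($naive[0] === $naive[1]);     // identical shuffles mean colliding ids
var_dump($derived[0] === $derived[1]);
```

The `$length` default of 16 is a constructed choice; it has to stay below the number of salt characters the shuffle reads for the alphabet in use.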
