-
Notifications
You must be signed in to change notification settings - Fork 416
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Salt has a maximum effective length #88
Comments
That's fine |
It may be "fine", but it needs to be documented (or explained). The docs don't talk about length of the salt - in my system, given I have different object types, that makes up part of the salt (as well as a random string for each project) - but this is where the length became an issue. To avoid duplicate IDs (i.e. 1 for Object A = 1 from Object B), each salt takes in to account the class name that it is for. So I had to find a way to keep it unique across each project and each object type, while keeping the salt length short. But the docs should still be updated to make reference to a maximum length for the salt. |
Thanks for the suggestion about updating the documentation. Any pull request you send our way we'll take a look at. I'll close this in the meantime. |
I've found that the salt has a maximum effective length.
The below example shows the issue.
$salt is a 24 character string.
The first example makes it 25 characters by adding "1" to the end.
But both encodes return the same hashid.
If you remove the
Given the salt for both of these is different, I would expect that they encode to different results.
If the salt has a maximum effective length, I would expect the library to communicate that somehow (error, exception) but there's no trace of anything being wrong.
What this then leads to is different salts creating the same encode.
Removing the custom alphabet removes the issue in this example, however it appears again with a longer salt:
Removing the $minLength creates the same issue:
With all of this in mind, what should our considerations be when choosing a salt?
The text was updated successfully, but these errors were encountered: