Re: Safe for SQL

You could use the MD5->hexdigest() as well:

use strict;
use Digest::MD5;

sub generate_id {
    my $md5 = new Digest::MD5();
    $md5->add($$ , time() , rand(9999) );
    return $md5->hexdigest();
}
[download]

On my machine, this produces a 32 byte string which appears to be what you're looking for. BTW, this method is used in CGI::Session to create session ID's so it should be relatively safe to use in a SQL insert.

--
hiseldl
What time is it? It's Camel Time!

Comment on Re: Safe for SQL Download Code

Replies are listed 'Best First'.
Re: Safe for SQL by Abigail-II (Bishop) on Dec 10, 2002 at 17:48 UTC
It returns a 32 byte string, but you only have 10 bytes of entropy, 2 from the process id, 4 from the time, and 4 from the random number generator. Maybe this is enough, maybe it isn't. There's certainly no garantee it will create unique numbers. Abigail	[reply]
Re: Re: Safe for SQL by hiseldl (Priest) on Dec 10, 2002 at 20:14 UTC
You are absolutely correct, from RFC 1321: ...It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest... So, just using the MD5 algorithm means that there is no gaurantee of a unique message digest. ;-) For something such as a session id for a web script, this is usually sufficient. To resolve your argument, you could add more text until you are reasonably certain that your entropy message is not reproducible: `... while(<LINES_OF_TEXT>) { $md5->add($_); } ...` [download] ...the downside is that it takes longer to compute. One way to gaurantee that the number is unique for that 'insert' statement is to have that database generate the number either from a sequence or stored procedure. I was just trying to keep it simple and sufficient. :-) -- hiseldl What time is it? It's Camel Time!	[reply] [d/l]

In Section Seekers of Perl Wisdom