Mailing List Archive

On Thu, 17 Feb 2000, you wrote:
> hi,
>
> I'm looking to generate a unique id, probably 128bits. Any suggestions
> on how to do this with mod_perl/apache?

MD5 of rand and %ENV ?

--
<Matt/>

Details: FastNet Software Ltd - XML, Perl, Databases.
Tagline: High Performance Web Solutions
Web Sites: http://come.to/fastnet http://sergeant.org
Available for Consultancy, Contracts and Training.

On Thu, Feb 17, 2000 at 08:18:16AM -0800, Jason C. Leach wrote:
> hi,
>
> I'm looking to generate a unique id, probably 128bits. Any suggestions
> on how to do this with mod_perl/apache?
>
> j.

mod_unique_id sets $ENV{'UNIQUE_ID'}

see: http://www.apache.org/docs/mod/mod_unique_id.html


also --
from wing-0.9 there is this code:

@session_chars = ('A' .. 'Z', 'a' .. 'z', 0 .. 9, '.', '-');

#
# Generate a cryptographically strongly random 120-bit session id
# returned as 24 characters from teh 64-character set [A-Za-z0-9.-].
# Platforms without /dev/urandom will have to rewrite this.
#
sub make_session_id {
if (!defined(fileno(RANDOM))) {
open(RANDOM, "/dev/urandom") or return undef;
}
my $rawid;
if (read(RANDOM, $rawid, 24) != 24){
return undef;
}
$rawid =~ s/(.)/$session_chars[ord($1) & 63]/egs;
return $rawid;
}

-- wendell

On Thu, Feb 17, 2000 at 04:32:55PM +0000, Matt Sergeant wrote:
> On Thu, 17 Feb 2000, you wrote:
> > hi,
> >
> > I'm looking to generate a unique id, probably 128bits. Any suggestions
> > on how to do this with mod_perl/apache?
>
> MD5 of rand and %ENV ?

An algorithm that I've used is to concatenate the IP address of the current host,
the PID, the current time in milliseconds, and a counter that goes from 1 to 1024.

Then MD5 it.

This will be globally unique (unless 1024 are created in one millisecond, or you
have two hosts with the same IP), I believe.

-DeWitt

>> I'm looking to generate a unique id, probably 128bits. Any suggestions
>> on how to do this with mod_perl/apache?
>
>MD5 of rand and %ENV ?
>
Since you mentioned mod_perl I'll assume you're on Unix, so you can just use mod_unique_id, which already comes with Apache. Compile it in (or enable it if you're doing DSO), and then just reference $ENV{UNIQUE_ID} if using CGI emulation, or get at the value using the Apache request methods (?) if you're not.

...Steve


--
Steve van der Burg
Information Services
London Health Sciences Centre
(519) 685-8300 ext 35559
steve.vanderburg@lhsc.on.ca

hi,

ok. I ended up fetching the $ENV. How can I do that and not use CGI
emulation; if not using CGI is better practice.

Thanks,
j.

On Thu, Feb 17, 2000 at 11:39:50AM -0500, Steve van der Burg wrote:
> >> I'm looking to generate a unique id, probably 128bits. Any suggestions
> >> on how to do this with mod_perl/apache?
> >
> >MD5 of rand and %ENV ?
> >
> Since you mentioned mod_perl I'll assume you're on Unix, so you can just use mod_unique_id, which already comes with Apache. Compile it in (or enable it if you're doing DSO), and then just reference $ENV{UNIQUE_ID} if using CGI emulation, or get at the value using the Apache request methods (?) if you're not.
>
> ...Steve
>
>
> --
> Steve van der Burg
> Information Services
> London Health Sciences Centre
> (519) 685-8300 ext 35559
> steve.vanderburg@lhsc.on.ca
>

>> I'm looking to generate a unique id, probably 128bits. Any
>suggestions
>> >> on how to do this with mod_perl/apache?
>> >
>> >MD5 of rand and %ENV ?
>> >
>> Since you mentioned mod_perl I'll assume you're on Unix, so you can just
>use mod_unique_id, which already comes with Apache. Compile it in (or
>enable it if you're doing DSO), and then just reference $ENV{UNIQUE_ID} if
>using CGI emulation, or get at the value using the Apache request methods
>(?) if you're not.
>>
>> ...Steve
>>
>
>ok. I ended up fetching the $ENV. How can I do that and not use CGI
>emulation; if not using CGI is better practice.

From p.332 of the Eagle book:

$r->subprocess_env('UNIQUE_ID')

There's been lots of discussion on the list about CGI emulation vs. "true" mod_perl coding. To get performance as high as possible, you need to throw away CGI emulation. In the real world, it's often a handy thing to have. I do some of each.

...Steve


--
Steve van der Burg
Information Services
London Health Sciences Centre
(519) 685-8300 ext 35559
steve.vanderburg@lhsc.on.ca

For a really nice "unique" id, I like Jeffrey Baker's APache::Session hash
function which uses a load of random stuff mungled together. You might want
to snag that out of the code.

His routine doesnt work too well on a select few platforms (eg Win98 + ISAPI
Perl), but it works great on Apache mod_perl.

One thing to note: MD5 hashes DO have a possibility of being having a hash
collision. Granted, it's unlikely, but it is POSSIBLE. Therefore, you should
probably still keep track of what ids had been generated previously. I guess
it depends on what you want to do.

Matt Sergeant wrote:

> On Thu, 17 Feb 2000, you wrote:
> > hi,
> >
> > I'm looking to generate a unique id, probably 128bits. Any suggestions
> > on how to do this with mod_perl/apache?
>
> MD5 of rand and %ENV ?
>
> --
> <Matt/>
>
> Details: FastNet Software Ltd - XML, Perl, Databases.
> Tagline: High Performance Web Solutions
> Web Sites: http://come.to/fastnet http://sergeant.org
> Available for Consultancy, Contracts and Training.

On Thu, 17 Feb 2000, Gunther Birznieks wrote:

> One thing to note: MD5 hashes DO have a possibility of being having a hash
> collision. Granted, it's unlikely, but it is POSSIBLE. Therefore, you should
> probably still keep track of what ids had been generated previously. I guess
> it depends on what you want to do.

Assuming that MD5 distributes things pretty evenly over its 128 bit
space, the chances are:

1 in 340,282,366,920,940,000,000,000,000,000,000,000,000

(approx...my calculator only has so many digits of precision. :) )

As long as you are hashing a decent sized piece of data to begin with
that's appropriately random, I wouldn't worry TOO much about it. :)

- Bill

Hi all,

On Thu, 17 Feb 2000, Bill McKinnon wrote:

> Assuming that MD5 distributes things pretty evenly over its 128 bit
> space, the chances are:
>
> 1 in 340,282,366,920,940,000,000,000,000,000,000,000,000


Recently, somebody calculated live on TV that the odds against giving
birth on Jan 1 2000 (given certain assumptions) to be 32,000 to 1
against. Those of you who know that there aren't 32,000 days in a
month will spot the similarity with the 51-digit number above.

A famous British Prime Minister once said

"There are lies, damned lies, and statistics."

73,
Ged.

"G.W. Haywood" wrote:
>
> Hi all,
>
> On Thu, 17 Feb 2000, Bill McKinnon wrote:
>
> > Assuming that MD5 distributes things pretty evenly over its 128 bit
> > space, the chances are:
> >
> > 1 in 340,282,366,920,940,000,000,000,000,000,000,000,000
>
> Recently, somebody calculated live on TV that the odds against giving
> birth on Jan 1 2000 (given certain assumptions) to be 32,000 to 1
> against. Those of you who know that there aren't 32,000 days in a
> month will spot the similarity with the 51-digit number above.
>
> A famous British Prime Minister once said
>
> "There are lies, damned lies, and statistics."
>
> 73,
> Ged.

Certainly you want to take into account how many times you will test
the likelihood of something...if the chances are 1 in 75,000,000 that
I'll win the lottery but I buy 50,000,000 tickets, the chances are a wee
bit better that I'll win. :) But to even begin to make a dent in the above
number you have to test a LARGE number of times. And all this might be
academic anyway, since I've realized that the math is slightly more complex
than I've made it out to be. Bruce Schneier does a great job of discussing
the issues in _Applied Cryptography_, in Chapter 18, "One-Way Hash
Functions." The whole point of message digest algorithms (or one of the
points) is, given a message M and its hash H(M), make it hard to find another
message M' where H(M) = H(M'). Just because of this fact alone you should
know that you are reasonably safe from that sort of thing happening. Schneier
points out a few theorectical flaws/past attacks against MD5 that might
make the ultra paranoid avoid it...if you are one of these, use SHA1 or
something (that has 160 bits of output). Mostly though, I think it's far more
likely that your memory or CPU will spontaneously blip and give you an
incorrect value, and we obviously don't test for that sort of thing. :)
This is probably going offtopic for modperl...if people want to discuss
things more, it might be best done offline.

- Bill

hi,

Ya. I take Apache's UID and run it through MD5.

j.


On Thu, Feb 17, 2000 at 12:23:44PM -0700, Bill McKinnon wrote:
>
> On Thu, 17 Feb 2000, Gunther Birznieks wrote:
>
> > One thing to note: MD5 hashes DO have a possibility of being having a hash
> > collision. Granted, it's unlikely, but it is POSSIBLE. Therefore, you should
> > probably still keep track of what ids had been generated previously. I guess
> > it depends on what you want to do.
>
> Assuming that MD5 distributes things pretty evenly over its 128 bit
> space, the chances are:
>
> 1 in 340,282,366,920,940,000,000,000,000,000,000,000,000
>
> (approx...my calculator only has so many digits of precision. :) )
>
> As long as you are hashing a decent sized piece of data to begin with
> that's appropriately random, I wouldn't worry TOO much about it. :)
>
> - Bill
>

Hi all,

Sorry, I didn't mean to start a battle!

On Fri, 18 Feb 2000, Gunther Birznieks wrote:

> Just because I am unlikely to get killed bungee jumping isn't going
> to make me want to rush out and try it. :)

And just because I'm paranoid it doesn't mean that they aren't out to
get me...

But Bill's right, we're way off-topic with this.

73,
Ged.

On Thu, 17 Feb 2000, Steve van der Burg wrote:

> >> I'm looking to generate a unique id, probably 128bits. Any
> >suggestions
> >> >> on how to do this with mod_perl/apache?
> >> >
> >> >MD5 of rand and %ENV ?
> >> >
> >> Since you mentioned mod_perl I'll assume you're on Unix, so you can just
> >use mod_unique_id, which already comes with Apache. Compile it in (or
> >enable it if you're doing DSO), and then just reference $ENV{UNIQUE_ID} if
> >using CGI emulation, or get at the value using the Apache request methods
> >(?) if you're not.
> >>
> >> ...Steve
> >>
> >
> >ok. I ended up fetching the $ENV. How can I do that and not use CGI
> >emulation; if not using CGI is better practice.
>
> >From p.332 of the Eagle book:
>
> $r->subprocess_env('UNIQUE_ID')
>
> There's been lots of discussion on the list about CGI emulation vs. "true" mod_perl coding. To get performance as high as possible, you need to throw away CGI emulation. In the real world, it's often a handy thing to have. I do some of each.

The %ENV gets set by default, no matter what you use -- see:
http://perl.apache.org/guide/performance.html#PerlSetupEnv_Off



_______________________________________________________________________
Stas Bekman mailto:sbekman@iname.com http://www.stason.org/stas
Perl,CGI,Apache,Linux,Web,Java,PC http://www.stason.org/stas/TULARC
perl.apache.org modperl.sourcegarden.org perlmonth.com perl.org
single o-> + single o-+ = singlesheaven http://www.singlesheaven.com