List:General Discussion« Previous MessageNext Message »
From:Paul DuBois Date:August 20 1999 3:38pm
Subject:RE: Optimization Question
View as plain text  
>Hi Lauren
>
>Isn't 32 character a bit excessive?  From 8 character haxadecimal randomised
>userids there are about 4.3 billion possible strings.  Even if you have
>10,000 active sessions this means that the hacker would still need to guess
>430,000 times before getting lucky!
>
>With 8 characters the index will be quicker.
>
>IMO, if you do not want to reduce the size of the userid then benchmark both
>of your ideas.

Maybe he was generating the strings with the MD5() function; it returns
a 32-character string.

-- 
Paul DuBois, paul@stripped
Thread
Optimization QuestionLauren Daniel Stegman20 Aug
  • Re: Optimization QuestionBenjamin Pflugmann20 Aug
RE: Optimization QuestionPaul Comber20 Aug
  • RE: Optimization QuestionPaul DuBois20 Aug
Re: Optimization QuestionLauren Daniel Stegman20 Aug
RE: Optimization QuestionClinton Gormley20 Aug