Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 13 of 13

Thread: Length of SHA1?

  1. #1
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,072
    Thanks
    26
    Thanked 0 Times in 0 Posts

    Length of SHA1?

    I have the following code to create a random name for photos that are uploaded by a user...
    PHP Code:
        $newBasename sha1($sessMemberID uniqid(mt_rand(), true)); 

    If I put "19" in for the $sessMemberID, I am getting this string with is 42 characters in length?!

    Code:
    64a9b6a88d0475fd45f646314d7fd447bca11632da
    For some reason, when I built all of this last summer, I chose a CHAR(44) field?!


    Can someone help me figure out why the output length is 42 characters, and more importantly, what size I should make my database field?

    Thanks,


    Debbie

  • #2
    Regular Coder Arcticwarrio's Avatar
    Join Date
    May 2012
    Location
    UK
    Posts
    721
    Thanks
    20
    Thanked 84 Times in 84 Posts
    SHA1 produces a 40 character string.

    If the optional raw_output is set to TRUE, then the sha1 digest is instead returned in raw binary format with a length of 20, otherwise the returned value is a 40-character hexadecimal number.
    Last edited by Arcticwarrio; 03-23-2013 at 03:34 AM.
    There are 10 types of people on CodingForums,
    Those who understand Binary and those who dont.
    Get Cloud Hosting now from only£59 / month

  • #3
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,072
    Thanks
    26
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Arcticwarrio View Post
    SHA1 produces a 40 character string.
    Then why is the code shown above outputting a string that is 42 characters long?!


    Debbie

    P.S. It appears that I chose a field of CHAR(44) because - as you mention above - SHA1() should give me a FIlename that is 40 character long, so when I add on a file extension (e.g. ".gif") it requires an extra 4 characters.
    Last edited by doubledee; 03-23-2013 at 03:36 AM.

  • #4
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,628
    Thanks
    0
    Thanked 648 Times in 638 Posts
    SHA1 is 20 characters long as raw binary (as would be returned from the call you have in your code with the second parameter set "true" to tell it to return raw binary).

    SHA1 is 40 characters long as a hexidecimal representation (as you'd get if you omit the second parameter or set it to false).

    The 64a9b6a88d0475fd45f646314d7fd447bca11632da isn't raw binary and so didn't come from that SHA1 call - it isn't 40 characters long so it wouldn't be the value returned even if you changed the second parameter because it is too long.

    To get the hexadecimal value you want set the second parameter to false - you will then get the correct 40 character representation.
    Last edited by felgall; 03-23-2013 at 03:38 AM.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #5
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,072
    Thanks
    26
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by felgall View Post
    SHA1 is 20 characters long as raw binary (as would be returned from the call you have in your code with the second parameter set "true" to tell it to return raw binary).
    Okay, good catch.


    SHA1 is 40 characters long as a hexidecimal representation (as you'd get if you omit the second parameter or set it to false).

    The 64a9b6a88d0475fd45f646314d7fd447bca11632da isn't raw binary and so didn't come from that SHA1 call - it isn't 40 characters long so it wouldn't be the value returned even if you changed the second parameter because it is too long.
    Not true.

    Try running this, and tell me what you get...
    PHP Code:
    <?php
        
    echo sha1(19 uniqid(mt_rand(), true));
    ?>

    Debbie

  • #6
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,072
    Thanks
    26
    Thanked 0 Times in 0 Posts
    You know, on a side note, all I am trying to do is generate a random, fixed-length string to use for the uploaded picture's filename.

    Maybe there is better code to use, since this honestly seems loopy. (I just copied this code from somewhere else...)

    Thanks,


    Debbie

  • #7
    Regular Coder Arcticwarrio's Avatar
    Join Date
    May 2012
    Location
    UK
    Posts
    721
    Thanks
    20
    Thanked 84 Times in 84 Posts
    just auto increment a database table :P
    and buffer it to whatever number of digits you want
    There are 10 types of people on CodingForums,
    Those who understand Binary and those who dont.
    Get Cloud Hosting now from only£59 / month

  • #8
    Regular Coder Arcticwarrio's Avatar
    Join Date
    May 2012
    Location
    UK
    Posts
    721
    Thanks
    20
    Thanked 84 Times in 84 Posts
    <?php
    echo sha1(19 . uniqid(mt_rand(), true));
    ?>

    outputs this for me

    66a6ad60f711f2476d0cbcc0fb166bc20a5c23b8
    There are 10 types of people on CodingForums,
    Those who understand Binary and those who dont.
    Get Cloud Hosting now from only£59 / month

  • #9
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,072
    Thanks
    26
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Arcticwarrio View Post
    just auto increment a database table :P
    and buffer it to whatever number of digits you want
    I could, but it is pretty common to do what I'm doing.

    I just want to understand why FORTY-TWO keeps coming up regardless of how I tweak my code...

    PHP Code:
        echo sha1(19 uniqid(mt_rand(), FALSE)); 
    6464f303c4a9ae1540adb202fe1308a49249fba91a
    ------------
    PHP Code:
        echo sha1(19 uniqid(mt_rand(), TRUE)); 
    64aae9bc005a86a54d37cc45c57a430b455f41965e
    ------------
    PHP Code:
        echo sha1(uniqid(mt_rand(), FALSE)); 
    64f47eb7962a60f14d85288bfa0ef9d446367c132a

    All of these strings at 42 characters long!!!


    Debbie

  • #10
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,628
    Thanks
    0
    Thanked 648 Times in 638 Posts
    Quote Originally Posted by Arcticwarrio View Post
    <?php
    echo sha1(19 . uniqid(mt_rand(), true));
    ?>

    outputs this for me

    66a6ad60f711f2476d0cbcc0fb166bc20a5c23b8
    For me it outputted 1d6523e70706d7811e55ab15ba91f2432eeda1e8

    since it is using a random value you'd expect it to return a different value each time - but each of these is 40 characters, not the 42 in the original post.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #11
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,072
    Thanks
    26
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by felgall View Post
    For me it outputted 1d6523e70706d7811e55ab15ba91f2432eeda1e8

    since it is using a random value you'd expect it to return a different value each time - but each of these is 40 characters, not the 42 in the original post.
    All I know is that I keep getting strings that are 42 characters long.

    When I remove the variable $sessMemberID (or the hard-coded value of "19"), then I am getting a string that is 40 characters?!

    I can't explain that behavior, so for now, I will assume and hope that...
    PHP Code:
    //?????????????
        
    $newBasename sha1(uniqid(mt_rand(), FALSE));
    //    $newBasename = sha1($sessMemberID . uniqid(mt_rand(), FALSE));
        
    $newFilename $newBasename $fileExt
    ... is a sufficient fix to guarantee a unique, and fixed-width Photo Filename?


    Debbie

  • #12
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,628
    Thanks
    0
    Thanked 648 Times in 638 Posts
    Quote Originally Posted by doubledee View Post
    ... is a sufficient fix to guarantee a unique, and fixed-width Photo Filename?
    sha1 and any other hashing algorithm guarantee NOT unique. Billions of strings will all hash to any specific hash value. All a hash guarantees is that a SMALL change in the original value will create a different hash. Once the change gets big enough you can get the same hash again.

    If you want unique then use uniqid(mt_rand()) or uniqid(sha1($sessMemberID)) to generate a unique value
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #13
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,072
    Thanks
    26
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by felgall View Post
    sha1 and any other hashing algorithm guarantee NOT unique. Billions of strings will all hash to any specific hash value. All a hash guarantees is that a SMALL change in the original value will create a different hash. Once the change gets big enough you can get the same hash again.
    I think you are exaggerating...

    Everything I have read says SHA1 is sufficient to create unique file names.

    For example...

    http://web.archive.org/web/201107250...-probabilities

    Using the SHA-1 hash function, the probability of a collision is less than 10-20. Such a scenario seems sufficiently unlikely that we ignore it and use the SHA-1 hash as a unique identifier for a block.

    --------
    If you want unique then use uniqid(mt_rand()) or uniqid(sha1($sessMemberID)) to generate a unique value
    But would that produce fixed-width strings?


    Debbie


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •