Does this small piece of code seem ok?
#11

(This post was last modified: 10-30-2015, 01:27 PM by ignitedcms.)

Don't forget there are also costs involved in checking. Which is why GUIDs are designed so you don't have the management of repeat number overhead to worry about.

I know it doesn't seem like much of a problem to do a select beforehand, but let's say you've got hundreds of thousands of visitors and these unique ids are tied to dynamically generated form inputs which a user could have many of, hundreds if not more, and before they generate a new one the db has to do a check. It could affect performance.

Choose a suitably large random number and this would avoid this.

Except, of course, for the birthday paradox

http://betterexplained.com/articles/unde...y-paradox/


And some more interesting ideas solving the birthday paradox

http://getsolid.io/blog/birthday-paradox-coding-solid/

But yes I do understand your point.
Practical guide to IgnitedCMS - Book coming soon, www.ignitedcms.com
Reply
#12

@iamthwee
Yes, you are right the probabilities are astounding. But it can also happen on the first day, or every day for a year. Unlikely but it can. And knowing me, as soon as the first paying customer tries it, it will fail and the customer will think 'This is rubbish, it does not work.'.

@Narf
That is a fabulous idea. Why I didn't think of that I don't know. Basing the code on the time plus a random string is brilliant.
Also, the way you have done it is just fantastic. I have spent ages on php fiddle breaking it all out and trying to work out how it works.

Code:
$guest_code = bin2hex(pack('N', microtime(TRUE))).bin2hex(get_instance()->security->get_random_bytes(4));

Microtime is time with microseconds since epoch.
Microtime = 1446237483.42

Packing it with 'N' makes sure it is 32 bits long, or four bytes, or 4 characters.
bin2hex makes it all 'normal' characters and 8 in length, 2 characters per digit for hex encoding.
Joined with random 4 bytes, hex encoded to 8 in length, making 16 in total.

Simply Brilliant :-)

I also had great fun trying to work all that out.

Thanks everyone. I learned tons of stuff and that small bit of code that was bugging me I have finally put to rest :-)

Best wishes,

Paul.
Reply
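Added example, not code from this thread: it rebuilds the 16-character code described in the post above, splits it back into its two halves, and estimates with the birthday approximation how likely two codes issued in the same second are to collide on their 32 random bits. It assumes PHP 7.1+, with `random_bytes()` standing in for `CI_Security::get_random_bytes()`; the function names are hypothetical.

```php
<?php
// Added example. random_bytes() stands in for CI_Security::get_random_bytes();
// make_guest_code(), parse_guest_code(), collision_probability() are hypothetical names.

function make_guest_code(?int $now = null): string
{
    // pack('N') stores an unsigned 32-bit big-endian integer, so only the
    // whole seconds of the timestamp end up in the code.
    return bin2hex(pack('N', $now ?? time())) . bin2hex(random_bytes(4));
}

function parse_guest_code(string $code): array
{
    if (!preg_match('/\A[0-9a-f]{16}\z/', $code)) {
        throw new InvalidArgumentException('expected 16 lowercase hex characters');
    }
    $ts = unpack('N', hex2bin(substr($code, 0, 8)))[1];
    return ['timestamp' => $ts, 'random_hex' => substr($code, 8)];
}

// Birthday approximation: chance that at least two of $n codes issued in the
// SAME second share their random half, given $bits random bits per code.
function collision_probability(int $n, int $bits = 32): float
{
    $space = 2 ** $bits;
    // -expm1(x) equals 1 - e^x and stays accurate for very small results
    return -expm1(-$n * ($n - 1) / (2 * $space));
}

$code  = make_guest_code(1446237483); // whole-second part of the value in the post
$parts = parse_guest_code($code);
printf("%s -> %s UTC + random %s\n", $code,
    gmdate('Y-m-d H:i:s', $parts['timestamp']), $parts['random_hex']);

// Codes from different seconds differ in the first half, so only the number
// of codes issued within one second matters for a collision.
foreach ([10, 1000, 100000] as $n) {
    printf("%6d codes in one second: P(collision) ~ %.3e\n",
        $n, collision_probability($n));
}
```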
#13

(This post was last modified: 10-30-2015, 02:15 PM by PaulD. Edit Reason: Added image )

Quote: Except, of course, for the birthday paradox

http://betterexplained.com/articles/unde...y-paradox/

Ha, I love that paradox. It is genuinely the best example of our brains being naturally a bit stupid that I know.

Except of course this one:
http://io9.com/5935588/why-does-this-sti...ar-to-move

Both of those examples, although fully explained, are always mind blowing.

Best wishes,

Paul.

PS We cross-posted each other so I missed your last post with my last post - if that makes sense.

 

Reply
#14

(This post was last modified: 10-30-2015, 02:34 PM by ignitedcms.)

Haha no worries about cross posting. Actually, this thread has opened my eyes on a few things. I never knew about the birthday paradox before reading this and just thought a random 16 digit string would have the same probability of collision (very low).

But when you consider if data strings already exist in the database then the birthday paradox comes into play. Obviously for huge strings like GUIDs the birthday paradox is practically insignificant.

Also I believe narf's solution is based on generating a truly random number, so it's more the algorithm used that is significant rather than anything else. I'm assuming rand_alnum doesn't make use of php's openssl function thingy which bin2hex does.

Also, here's another perplexing question, why do the dots NOT move when you squint your eyes ;-)
Reply
#15

lol

How about, even when I know exactly what it is, why does my brain refuse to accept that the face is rotating to the right, not the left.

https://www.youtube.com/watch?v=sKa0eaKsdA0

Paul.
Reply
#16

(This post was last modified: 10-30-2015, 02:44 PM by Martin7483.)

I see it rotating to the right, but half way the inner part of the mask seems to rotate to the left :-P
Reply
#17

(10-30-2015, 09:41 AM)PaulD Wrote: That is an awesome solution!!!!

At first I was concerned that it was worse as it might hit the memory limit as php has to remember all the deeper and deeper levels of functions within functions, but that is not how PHP works in this case (I think). It seems that it assigns the function to the variable, returns that, 'level' closed, then re-evaluates it.

I know you already found a better solution, but I'm just curious to know why you think a recursive function is better than a loop. It seems like a lot of people hate loops. I like loops. Loops are cool! 8-)
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
/*** NO support in private message - Use the forum! ***/
Reply
#18

(10-30-2015, 10:10 AM)iamthwee Wrote: With a random 16 alphanumeric string, I don't even check if it is duplicated. The chances are too low. If you're still worried increase the string length.

Your logic is based on the precondition that it is indeed a random string ... sadly, it's not.
It looks random, but mt_rand() (which provides the "randomness" here) is not random at all; its output is almost 100% predictable once you know the seed value, and the seed is IIRC based on the process ID. So the chances of a collision are way higher than you would expect.

That's why this function is not good for cryptographic purposes.
Reply
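Added example, not code from this thread or from CodeIgniter: two simulated workers that start from the same `mt_rand()` seed emit the same "random" 16-character strings, while the same generator built on `random_int()` (PHP 7+, OS CSPRNG) ignores the seed. `alnum_mt()`, `alnum_csprng()`, `simulate_worker()` and the seed value are hypothetical; that two workers share a seed is an assumption made for the demonstration.

```php
<?php
// Added example. alnum_mt() is a hypothetical stand-in for an
// mt_rand()-based alphanumeric helper; the seed is a constructed value.

const ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

function alnum_mt(int $len): string
{
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        // Mersenne Twister: fully determined by its seed
        $out .= ALPHABET[mt_rand(0, strlen(ALPHABET) - 1)];
    }
    return $out;
}

function alnum_csprng(int $len): string
{
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        // random_int() draws from the OS CSPRNG; mt_srand() has no effect on it
        $out .= ALPHABET[random_int(0, strlen(ALPHABET) - 1)];
    }
    return $out;
}

// One "worker": seed the Mersenne Twister, then issue three IDs.
function simulate_worker(int $seed, callable $generator): array
{
    mt_srand($seed);
    return [$generator(16), $generator(16), $generator(16)];
}

$seed = 4242; // assumption: both workers end up with this seed

$mtA = simulate_worker($seed, 'alnum_mt');
$mtB = simulate_worker($seed, 'alnum_mt');
printf("mt_rand, same seed:    %s\n", $mtA === $mtB ? 'identical IDs' : 'different IDs');
printf("  worker A: %s\n  worker B: %s\n", implode(' ', $mtA), implode(' ', $mtB));

$csA = simulate_worker($seed, 'alnum_csprng');
$csB = simulate_worker($seed, 'alnum_csprng');
printf("random_int, same seed: %s\n", $csA === $csB ? 'identical IDs' : 'different IDs');
```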
#19

(10-30-2015, 02:33 PM)iamthwee Wrote: Also I believe narf's solution is based on generating a truly random number, so it's more the algorithm used that is significant rather than anything else. I'm assuming rand_alnum doesn't make use of php's openssl function thingy which bin2hex does.

Just a little correction - bin2hex() just encodes binary data into hexadecimal strings, it's CI_Security::get_random_bytes() that provides the randomness.

Also, the randomness itself is not the result of an algorithm (the uniqueness is).
Reply
#20

(This post was last modified: 10-31-2015, 05:36 AM by ignitedcms.)

Thanks for the correction. Is there any particular reason why rand_alnum() and others do not make use of the security class to improve random number generation?

I'd assume it would be easy enough to change (or is it) or are there other factors to consider?
Reply



