Forum Moderators: coopster

hash length confusion

         

DamianS

9:53 am on Dec 9, 2006 (gmt 0)

10+ Year Member



Ok, while studying various documents on the internet for using mysql to store multiple sessions using PHP, I have come across some strangeness.

The site here:
<removed url>
describes a solution for me, but the IDs are all of 26 char length. What hashing algorithm would this be?
A google search turns up nothing.
My session IDs are all of length 32 chars, so I presume they are md5?

While trying to find what PHP function would hash to 26 chars, I perused this page:
[en.wikipedia.org...]
which states that sha1 produces 32 char hashes.
Yet my experience indicates otherwise - I always get 40 char sha1 hashes.
Can anyone explain what is happening here?
For now, I have made my char fields of 40 chars in length, even though they will only be storing md5.

[edited by: coopster at 5:48 pm (utc) on Dec. 9, 2006]
[edit reason] removed url [/edit]

FalseDawn

1:52 pm on Dec 9, 2006 (gmt 0)

10+ Year Member



You appear to have stumbled across the little-known feature of PHP5, namely the "session.hash_bits_per_character" setting in php.ini.

This caused me no end of hassle when I was trying to find out why PHP was writing 26 char session IDs... it was because this was set to 5 (by default - a mistake IMO) - this allows characters other than a-f,0-9 to be used in session IDs
Setting this to 4 resulted in the regular 32 char session IDs

Edit: It does not state that sha-1 produces 32 char hashes in wikipedia - it says "160 bits", which is 40 chars at 4 bits per char, and all the examples are 40 chars.
You may be confused with the "word size" column in their table, which lists "32 bits"

[edited by: FalseDawn at 2:08 pm (utc) on Dec. 9, 2006]

DamianS

2:15 am on Dec 10, 2006 (gmt 0)

10+ Year Member



Ah, I see!
I can't find that setting in my php.ini, it seems to have been introduced in php5, and I'm using php4 still.
So I guess the default and only choice for php4 is 4.

Why is this a mistake to have the default set to 5?
I notice it can be set to 6 as well.

FalseDawn

7:41 pm on Dec 10, 2006 (gmt 0)

10+ Year Member




Why is this a mistake to have the default set to 5?

I thought that would be pretty obvious - why make the default something that changes the behaviour from the standard in PHP4?

I have several places where I assume 32 char session IDs (in various regular expressions for example), and this threw those all off.
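The length arithmetic from this thread, with a session ID check that does not assume 32 hex characters, as an added PHP example (not code from any poster). The function names are hypothetical, the character sets are the ones PHP documents for each session.hash_bits_per_character value, and rounding up to whole characters is assumed from the 26-character figure reported above.

```php
<?php
// Character classes PHP uses for each session.hash_bits_per_character value.
const SID_CHARSETS = [
    4 => '0-9a-f',
    5 => '0-9a-v',
    6 => '0-9a-zA-Z,-',
];

// Digest widths in bits for the two hashes discussed in the thread.
const HASH_BITS = ['md5' => 128, 'sha1' => 160];

// Characters needed to carry $hashBits at $bitsPerChar bits each (rounded up).
function sid_length(int $hashBits, int $bitsPerChar): int
{
    return intdiv($hashBits + $bitsPerChar - 1, $bitsPerChar);
}

// Build an anchored pattern for a session ID produced with the given settings.
function sid_pattern(string $hash, int $bitsPerChar): string
{
    if (!array_key_exists($hash, HASH_BITS)
        || !array_key_exists($bitsPerChar, SID_CHARSETS)) {
        throw new InvalidArgumentException('unsupported hash or bits per character');
    }
    $len = sid_length(HASH_BITS[$hash], $bitsPerChar);
    return '/\A[' . SID_CHARSETS[$bitsPerChar] . ']{' . $len . '}\z/';
}

// Validate an ID against the shape implied by the settings, not a fixed length.
function is_valid_sid(string $sid, string $hash, int $bitsPerChar): bool
{
    return preg_match(sid_pattern($hash, $bitsPerChar), $sid) === 1;
}

// Print the ID length for every combination of hash and setting.
foreach (HASH_BITS as $hash => $bits) {
    foreach (array_keys(SID_CHARSETS) as $bpc) {
        printf("%-4s %d bits/char -> %d chars\n", $hash, $bpc, sid_length($bits, $bpc));
    }
}

// Constructed sample IDs (not taken from any real session).
$hexId  = md5('constructed sample');   // MD5 ID shape at 4 bits per character
$fiveId = str_repeat('v', 26);         // MD5 ID shape at 5 bits per character
var_dump(is_valid_sid($hexId, 'md5', 4));
var_dump(is_valid_sid($fiveId, 'md5', 4)); // what a 32-hex-only check sees
var_dump(is_valid_sid($fiveId, 'md5', 5));
```

Passing the hash and bits-per-character values explicitly keeps the check independent of which php.ini defaults a given PHP release ships with.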

coopster

3:26 am on Dec 12, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



In the original release of PHP5 the distribution ini had the default set to 4, whereas the recommended was bumped to 5. I searched the changelogs and mail releases but could not find a reason for the change in the recommended default. I haven't dug through the source code yet to see the reasoning though. I would still be interested to find out the reasoning myself if anybody comes across the reference.