davidaurelio / hashids-python

Implementation of hashids (http://hashids.org) in Python. Compatible with Python 2 and Python 3

Salt Only uses first 43 Characters

coofercat opened this issue · comments

I'm seeing that the salt is limited in usable length (contrary to popular assumptions that you should use a "long random string"). For example, here's a session:

>>> from hashids import Hashids
>>> Hashids('12345678901234567890123456789012345678901234').encode(1)
'WJ'
>>> Hashids('1234567890123456789012345678901234567890123').encode(1)
'WJ'
>>> Hashids('123456789012345678901234567890123456789012').encode(1)
'QN'

It doesn't seem to matter what the contents of the salt are, it's always 43 characters.

I can't immediately see the cause of this - it may be something to do with the length of the alphabet (62) minus the length of the separators (14) and something else. It doesn't seem to be dependent on the length of the number encoded (I tried 8, 16, 32, 64 and 128 bit numbers).

I'm not sure if this is a bug, an undocumented feature or my (mis)understanding, but thought it worth raising as consumers of this library do indeed recommend "a long and secure salt value...". If it is an undocumented feature, some explanation of why 43 characters would probably be helpful.

(edit: By chance, this also happens to be issue #43 :-) )
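
One way to measure how many leading salt characters actually influence the output, as an added example that is not part of the original issue or the hashids project. `effective_salt_length` and `toy_encoder` are hypothetical names, and `toy_encoder` is a constructed stand-in that ignores everything past 43 salt characters; it is not the hashids algorithm. Several ids are probed because a single short output can hide a difference.

```python
import hashlib
import random
import string


def effective_salt_length(make_encoder, ids=(1, 22, 333, 2**32),
                          max_len=64, trials=8, seed=0):
    """Return how many leading salt characters affect the encoded output.

    make_encoder(salt) must return a callable mapping an int id to a string.
    For each position, only that one character of a random max_len-character
    salt is changed; a position counts as significant if any probed id then
    encodes differently. The result is one past the last significant position.
    """
    rng = random.Random(seed)  # fixed seed so the probe is repeatable
    chars = string.ascii_letters + string.digits
    last_significant = -1
    for _ in range(trials):
        base = [rng.choice(chars) for _ in range(max_len)]
        encode = make_encoder("".join(base))
        reference = [encode(i) for i in ids]
        for pos in range(max_len):
            mutated = list(base)
            # pick a replacement guaranteed to differ from the original
            mutated[pos] = rng.choice(chars.replace(base[pos], ""))
            encode = make_encoder("".join(mutated))
            if [encode(i) for i in ids] != reference:
                last_significant = max(last_significant, pos)
    return last_significant + 1


def toy_encoder(salt, used=43):
    """Constructed stand-in (NOT hashids): silently keeps `used` salt chars."""
    key = salt[:used].encode()
    return lambda n: hashlib.sha256(key + str(n).encode()).hexdigest()[:8]


if __name__ == "__main__":
    print(effective_salt_length(toy_encoder))
    # Against the installed library (requires the hashids package):
    #   from hashids import Hashids
    #   print(effective_salt_length(lambda s: Hashids(s).encode))
```

If the measured length is shorter than the salt you deploy, the extra characters add no secrecy, so size the salt's entropy against the measured length rather than the configured one.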

Good question. I ported this from JS a long time ago. It might make sense to change this behaviour.