Closed wendlinga closed 9 years ago
Hey, sorry I was on vacation away from electronics. So by my math, 8 bits = 1 character. 128 bits = 16 characters. 160 bits = 20 characters.
If I understood your PR correctly, we'd be overshooting the requirement, since you aim to go between 32 and 41 chars in length.
Could you clarify your intent?
No problem. My understanding is that since the characters are hex values, then each character only represents 4 bits.
var chars = "abcdef0123456789";
Based on that premise then 4 bits = 1 character. 128 bits = 32 characters. 160 bits = 40 characters.
I see your point.
I don't think it's entirely accurate though. You certainly can represent an integer as 8 hex digits, 0xFFFFFFFF
, but I don't think that the generated output of this function will be parsed as a number.
I think the string f
will be intepreted as 01000110
(ascii 102), rather than 1111
(hex 0xF)
What do you think?
I agree that they will likely be stored as a string (and as such 8 bits), but the spec references the
probability of two randomly chosen identifiers being identical
Even if the value is stored as 8 bits, each position is only capable of representing 4 bits of information (0-F) It seems that the spec is concerned with the total number of possible combinations (2^128 to 2^160) instead of the underlying structure. Do you think this matches the documentations intent?
Good point.
Tagged, bumped and published. Thanks!
Update generateUniqueID to conform to the spec length. Spec here https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf