laravel / folio

Page based routing for Laravel.
MIT License

Generated route names are prone to collision #60

Closed: vlakoff closed this issue 1 year ago

vlakoff commented 1 year ago

Coming from https://github.com/laravel/folio/commit/ded968e28fbe2a42771035ef97f44ddbbc4524fa#commitcomment-123084859:

10 hexadecimal characters have an entropy of 40 bits. That is very low (for perspective, only barely above CRC32, which is very prone to collision). I would suggest slightly raising the number of characters.

(see the 2nd table at https://en.wikipedia.org/wiki/Password_strength#Random_passwords)

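Excerpt from the mentioned table:

| Entropy  | Hexadecimal chars |
|----------|-------------------|
| 8 bits   | 2                 |
| 32 bits  | 8                 |
| 40 bits  | 10                |
| 64 bits  | 16                |
| 80 bits  | 20                |
| 96 bits  | 24                |
| 128 bits | 32                |
| 160 bits | 40                |
| 192 bits | 48                |
| 224 bits | 56                |
| 256 bits | 64                |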

As you can see at the bottom of this article, 32-bit is insanely low:

Hash Collision Probabilities

Therefore, I would recommend no less than 16 characters (entropy of 64 bits).
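
The birthday bound behind the figures in the comment above, as an added example (not code from this thread or from Folio). It assumes generated names behave like a uniformly distributed hash truncated to N hex characters; SHA-256 and the `/constructed/mount/...` paths are stand-ins chosen for the illustration, not Folio's actual hash or inputs.

```python
import hashlib
import math

def collision_probability(n_names: int, hex_chars: int) -> float:
    """Birthday bound: chance that at least two of n_names uniformly
    distributed names share the same hex_chars-digit value."""
    space = 16 ** hex_chars            # 4 bits of entropy per hex digit
    if n_names > space:
        return 1.0                     # pigeonhole: a collision is certain
    # p ~= 1 - exp(-n(n-1) / 2N); expm1 keeps precision when p is tiny
    return -math.expm1(-n_names * (n_names - 1) / (2 * space))

def names_for_probability(p: float, hex_chars: int) -> int:
    """Smallest number of names whose collision probability reaches p."""
    c = -2 * (16 ** hex_chars) * math.log1p(-p)   # solve n(n-1) = c for n
    return math.ceil((1 + math.sqrt(1 + 4 * c)) / 2)

def count_collisions(names, hex_chars: int) -> int:
    """Empirical check: truncate SHA-256 (a stand-in hash, an assumption)
    and count names whose truncated value was already taken."""
    seen, collisions = set(), 0
    for name in names:
        short = hashlib.sha256(name.encode()).hexdigest()[:hex_chars]
        collisions += short in seen
        seen.add(short)
    return collisions

if __name__ == "__main__":
    # Constructed sample paths, not taken from any real application.
    paths = [f"/constructed/mount/{i}" for i in range(5000)]
    for chars in (3, 8, 10, 16):
        print(f"{chars:>2} hex chars ({4 * chars:>2} bits): "
              f"p(5000 names)={collision_probability(5000, chars):.3e}  "
              f"50% at n={names_for_probability(0.5, chars):,}  "
              f"observed={count_collisions(paths, chars)}")
```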

nunomaduro commented 1 year ago

Thank you for suggesting this change. Do you mind submitting a pull request to this file for the change you wish to see? Thank you again for bringing this to our attention!

https://github.com/laravel/folio/blob/ded968e28fbe2a42771035ef97f44ddbbc4524fa/src/MountPath.php#L27