Re: Need localization-proof method of transporting dates.
Re: Need localization-proof method of transporting dates.
- Subject: Re: Need localization-proof method of transporting dates.
- From: Michael Ash <email@hidden>
- Date: Sun, 5 Apr 2009 11:15:11 -0400
On Sun, Apr 5, 2009 at 5:24 AM, Graham Cox <email@hidden> wrote:
>
> On 05/04/2009, at 5:02 AM, Greg Guerin wrote:
>
>> An object's -hash method is not guaranteed to return a unique value.
>> Different objects can have the same hash as other objects of the same type,
>> or of different types. Therefore, if you are calculating a SHA-1 hash of
>> the -hash value returned from the NSDate, your authentication can be spoofed
>> by an unknown number of other NSDate objects that return the same value from
>> -hash.
>
>
> Sure, I understand that. Actually the SHA-1 hash is derived from the -hash
> of several objects, not just the date. My take is that the combination of
> the several objects (typically about 8 different pieces of information) is
> sufficiently unique to be unspoofable in practice. And in fact the SHA-1 is
> only used as a signature anyway, not as a unique value in its own right -
> the existence of identical SHA-1 hashes for different info sets wouldn't
> matter.
Note that, as far as I know, there is no guarantee that -hash will
return the same value for the same object across runs of your program.
Apple is free to change their algorithm in an OS update, and could
conceivably (although I don't see why) switch between different
algorithms at process start time. You'll want to use your own hashing
algorithm for this.
Mike
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden