GNU bug report logs - #58472
[PATCH] Make `message-unique-id' less prone to collisions

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Stefan Kangas <stefankangas <at> gmail.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#58472: closed ([PATCH] Make `message-unique-id' less prone to
 collisions)
Date: Fri, 25 Nov 2022 01:27:02 +0000

[Message part 1 (text/plain, inline)]

Your message dated Thu, 24 Nov 2022 17:26:31 -0800
with message-id <CADwFkmnu1gsMwGf76vbNwTbEkWr5fQT__zLvArTx4o4rErK+pw <at> mail.gmail.com>
and subject line Re: bug#58472: [PATCH] Make `message-unique-id' less prone to collisions
has caused the debbugs.gnu.org bug report #58472,
regarding [PATCH] Make `message-unique-id' less prone to collisions
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
58472: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=58472
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Stefan Kangas <stefankangas <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: [PATCH] Make `message-unique-id' less prone to collisions
Date: Wed, 12 Oct 2022 09:07:53 -0700

[Message part 3 (text/plain, inline)]

This is a proposal to make `message-unique-id' less prone to collisions.

For the first 1-2 characters, it uses the return value `user-uid', which
on most single-user systems is a fixed value (for example, this gives us
"87" on almost any single-user Debian machine).[1]  It's also
unnecessarily leaky of potentially privacy sensitive information.

The next 8 characters are the current time, with some gymnastics to
emulate support for a fractional part to seconds.  This seems
unnecessary now that, AFAIU, `time-convert' can do that for us portably
(please correct me if I'm wrong, Paul).

I suggest that we instead base the left-hand side of the Message-ID on:

  1. (time-convert nil (expt 10 9))
  2. 2^N bits of pseudo random data (e.g. N=32)

We can then ignore the effective user id, while significantly decreasing
the risk of a Message-ID collision.[2]

Currently, we get values like:

    (message-unique-id)
    => "87o7uhi3at.fsf"            ; length 10

With the attached patch, we have instead:

    (message-unique-id)
    => "cnk29wgg1a4nvrpqcy.fsf"   ; length ~22

Note also that `message-number-base36' uses a Caesar cipher for some
reason:

    (message-number-base36 5 -1)
    => "u"    ; expect "5"
    (message-number-base36 (expt 36 3) -1)
    => "yzzz" ; expect "1000"

The patch fixes this also.

I don't know if this change should be in NEWS or not.

Footnotes:
[1]  Just for fun, you can search for 87 on
     https://en.wikipedia.org/wiki/Message-ID

[2]  See also: https://www.jwz.org/doc/mid.html

[0001-Make-message-unique-id-less-prone-to-collisions.patch (text/x-diff, attachment)]

[Message part 5 (message/rfc822, inline)]

From: Stefan Kangas <stefankangas <at> gmail.com>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: matt <at> rfc20.org, Eli Zaretskii <eliz <at> gnu.org>,
 Paul Eggert <eggert <at> cs.ucla.edu>, 58472-done <at> debbugs.gnu.org
Subject: Re: bug#58472: [PATCH] Make `message-unique-id' less prone to
 collisions
Date: Thu, 24 Nov 2022 17:26:31 -0800

I'm guessing that none of this is happening, so I'm closing this bug
report.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.