GNU bug report logs -
#58472
[PATCH] Make `message-unique-id' less prone to collisions
Previous Next
Reported by: Stefan Kangas <stefankangas <at> gmail.com>
Date: Wed, 12 Oct 2022 16:09:01 UTC
Severity: wishlist
Tags: patch
Done: Stefan Kangas <stefankangas <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your message dated Thu, 24 Nov 2022 17:26:31 -0800
with message-id <CADwFkmnu1gsMwGf76vbNwTbEkWr5fQT__zLvArTx4o4rErK+pw <at> mail.gmail.com>
and subject line Re: bug#58472: [PATCH] Make `message-unique-id' less prone to collisions
has caused the debbugs.gnu.org bug report #58472,
regarding [PATCH] Make `message-unique-id' less prone to collisions
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
58472: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=58472
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
[Message part 3 (text/plain, inline)]
This is a proposal to make `message-unique-id' less prone to collisions.
For the first 1-2 characters, it uses the return value `user-uid', which
on most single-user systems is a fixed value (for example, this gives us
"87" on almost any single-user Debian machine).[1] It's also
unnecessarily leaky of potentially privacy sensitive information.
The next 8 characters are the current time, with some gymnastics to
emulate support for a fractional part to seconds. This seems
unnecessary now that, AFAIU, `time-convert' can do that for us portably
(please correct me if I'm wrong, Paul).
I suggest that we instead base the left-hand side of the Message-ID on:
1. (time-convert nil (expt 10 9))
2. 2^N bits of pseudo random data (e.g. N=32)
We can then ignore the effective user id, while significantly decreasing
the risk of a Message-ID collision.[2]
Currently, we get values like:
(message-unique-id)
=> "87o7uhi3at.fsf" ; length 10
With the attached patch, we have instead:
(message-unique-id)
=> "cnk29wgg1a4nvrpqcy.fsf" ; length ~22
Note also that `message-number-base36' uses a Caesar cipher for some
reason:
(message-number-base36 5 -1)
=> "u" ; expect "5"
(message-number-base36 (expt 36 3) -1)
=> "yzzz" ; expect "1000"
The patch fixes this also.
I don't know if this change should be in NEWS or not.
Footnotes:
[1] Just for fun, you can search for 87 on
https://en.wikipedia.org/wiki/Message-ID
[2] See also: https://www.jwz.org/doc/mid.html
[0001-Make-message-unique-id-less-prone-to-collisions.patch (text/x-diff, attachment)]
[Message part 5 (message/rfc822, inline)]
I'm guessing that none of this is happening, so I'm closing this bug
report.
This bug report was last modified 2 years and 230 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.