On Sun, Apr 5, 2009 at 5:24 AM, Graham Cox <graham....@bigpond.com> wrote:
>
> On 05/04/2009, at 5:02 AM, Greg Guerin wrote:
>
>> An object's -hash method is not guaranteed to return a unique value.
>> Different objects can have the same hash as other objects of the same type,
>> or of different types. Therefore, if you are calculating a SHA-1 hash of
>> the -hash value returned from the NSDate, your authentication can be spoofed
>> by an unknown number of other NSDate objects that return the same value from
>> -hash.
>
>
> Sure, I understand that. Actually the SHA-1 hash is derived from the -hash
> of several objects, not just the date. My take is that the combination of
> the several objects (typically about 8 different pieces of information) is
> sufficiently unique to be unspoofable in practice. And in fact the SHA-1 is
> only used as a signature anyway, not as a unique value in its own right -
> the existence of identical SHA-1 hashes for different info sets wouldn't
> matter.

Note that, as far as I know, there is no guarantee that -hash will return the same value for the same object across runs of your program. Apple is free to change their algorithm in an OS update, and could conceivably (although I don't see why) switch between different algorithms at process start time. You'll want to use your own hashing algorithm for this.

Mike
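
One way to act on the point made in this thread, as an added example that is not code from any of the posters: feed SHA-1 the explicitly serialized contents of each field instead of the objects' -hash values, so the digest does not depend on how -hash is implemented in a given OS release or process. The field set (one date plus some strings), the length-prefixed encoding, the sample values and the function names are assumptions made for illustration.

```objc
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonDigest.h>

// Feed one field as a 4-byte big-endian length followed by its bytes, so
// field boundaries are unambiguous ("ab","c" never hashes like "a","bc").
static void AppendField(CC_SHA1_CTX *ctx, NSData *bytes) {
    uint32_t len = CFSwapInt32HostToBig((uint32_t)[bytes length]);
    CC_SHA1_Update(ctx, &len, sizeof len);
    CC_SHA1_Update(ctx, [bytes bytes], (CC_LONG)[bytes length]);
}

// Canonical bytes for a date: seconds since the reference date as a
// byte-order-independent 64-bit double, not the value returned by -hash.
static NSData *CanonicalDate(NSDate *date) {
    CFSwappedFloat64 be =
        CFConvertDoubleHostToSwapped([date timeIntervalSinceReferenceDate]);
    return [NSData dataWithBytes:&be length:sizeof be];
}

// SHA-1 over the field contents themselves.
static NSData *DigestOfFields(NSDate *date, NSArray *strings) {
    CC_SHA1_CTX ctx;
    CC_SHA1_Init(&ctx);
    AppendField(&ctx, CanonicalDate(date));
    for (NSString *s in strings) {
        AppendField(&ctx, [s dataUsingEncoding:NSUTF8StringEncoding]);
    }
    unsigned char md[CC_SHA1_DIGEST_LENGTH];
    CC_SHA1_Final(md, &ctx);
    return [NSData dataWithBytes:md length:sizeof md];
}

int main(void) {
    @autoreleasepool {
        // Constructed sample inputs, not values from the thread.
        NSDate *date = [NSDate dateWithTimeIntervalSinceReferenceDate:260600640.0];
        NSArray *fields = [NSArray arrayWithObjects:@"constructed-user",
                                                    @"constructed-serial", nil];
        NSData *first = DigestOfFields(date, fields);
        NSData *second = DigestOfFields(date, fields);
        // Same inputs give the same digest in any process on any OS release.
        NSLog(@"digest=%@ stable=%d", first, [first isEqualToData:second]);

        // Moving a field boundary changes the digest.
        NSArray *shifted = [NSArray arrayWithObjects:@"constructed-userconstructed",
                                                     @"-serial", nil];
        NSLog(@"differs=%d", ![first isEqualToData:DigestOfFields(date, shifted)]);
    }
    return 0;
}
```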