hashids-python

Salt Only uses first 43 Characters

Open coofercat opened this issue 3 years ago • 1 comments

I'm seeing that the salt is limited in usable length (contrary to popular assumptions that you should use a "long random string"). For example, here's a session:

>>> from hashids import Hashids
>>> Hashids('12345678901234567890123456789012345678901234').encode(1)
'WJ'
>>> Hashids('1234567890123456789012345678901234567890123').encode(1)
'WJ'
>>> Hashids('123456789012345678901234567890123456789012').encode(1)
'QN'

It doesn't seem to matter what the contents of the salt are, it's always 43 characters.

I can't immediately see the cause of this - it may be something to do with the length of the alphabet (62) minus the length of the separators (14) and something else. It doesn't seem to be dependent on the length of the number encoded (I tried 8, 16, 32, 64 and 128 bit numbers).

I'm not sure if this is a bug, an undocumented feature or my (mis)understanding, but thought it worth raising as consumers of this library do indeed recommend "a long and secure salt value...". If it is an undocumented feature, some explanation of why 43 characters would probably be helpful.

(edit: By chance, this also happens to be issue #43 :-) )

coofercat, Sep 11 '20 10:09
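The session above can be reproduced and probed without the library. The following is an added example, not part of the original issue and not the hashids-python source: a minimal re-implementation of the Hashids encoding path (default alphabet, a single number, no minimum length) that reports which salt positions can change any output. The names `reorder`, `encode` and `significant_positions` and the 64-character sample salt are this example's own.

```python
# Added example: minimal Hashids encoding path, not the hashids-python source.
from math import ceil

ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890'
SEPARATORS = 'cfhistuCFHISTU'

def reorder(string, salt):
    """Salt-driven shuffle; reads at most len(string) - 1 salt characters."""
    if not salt:
        return string
    chars, index, total = list(string), 0, 0
    for i in range(len(chars) - 1, 0, -1):
        code = ord(salt[index])
        total += code
        j = (code + index + total) % i
        chars[i], chars[j] = chars[j], chars[i]
        index = (index + 1) % len(salt)   # short salts wrap around
    return ''.join(chars)

def encode(salt, number):
    """Encode one non-negative integer with the default alphabet."""
    alphabet = ''.join(c for c in ALPHABET if c not in SEPARATORS)  # 48 chars
    alphabet = reorder(alphabet, salt)
    alphabet = alphabet[ceil(len(alphabet) / 12):]  # 4 guards removed, 44 left
    lottery = alphabet[number % 100 % len(alphabet)]
    # Only the first 44 characters of lottery + salt + alphabet are kept,
    # so salt characters past that window never reach the second shuffle.
    window = (lottery + salt + alphabet)[:len(alphabet)]
    alphabet = reorder(alphabet, window)
    digits = ''
    while True:
        digits = alphabet[number % len(alphabet)] + digits
        number //= len(alphabet)
        if not number:
            return lottery + digits

def significant_positions(salt, numbers):
    """Salt indexes whose replacement changes at least one encoded output."""
    base = [encode(salt, n) for n in numbers]
    hits = []
    for pos, ch in enumerate(salt):
        probe = salt[:pos] + ('x' if ch != 'x' else 'y') + salt[pos + 1:]
        if [encode(probe, n) for n in numbers] != base:
            hits.append(pos)
    return hits

if __name__ == '__main__':
    salt = '1234567890' * 6 + '1234'   # constructed 64-character sample salt
    print(significant_positions(salt, range(100)))
```

With the constructed 64-character salt, no index from 44 upward is ever reported: those characters are either never read or only reorder the four guard characters, which this path does not emit.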