util.id: Adjust entropy levels, with rationales

Modules using ids for logging should not need the now pretty large medium one.
author: Kim Alvefur <zash@zash.se> 2021-12-02 01:14:55 +0100
committer: Kim Alvefur <zash@zash.se> 2021-12-02 01:14:55 +0100
commit: a3ea469ed9ebeab2c4db54712f0b8ace3f28e15f (patch)
tree: 73afa5f5b01ce5511adea6f669f1e707ae2fcb1e /util
parent: 5797a3f65dd0ae2c8393b6992522fcfb34be2fc5 (diff)
download: prosody-a3ea469ed9ebeab2c4db54712f0b8ace3f28e15f.tar.gz
prosody-a3ea469ed9ebeab2c4db54712f0b8ace3f28e15f.zip
1 files changed, 14 insertions, 3 deletions
diff --git a/util/id.lua b/util/id.lua
index 731355fa..64b56662 100644
--- a/util/id.lua
+++ b/util/id.lua
@@ -17,9 +17,20 @@ local function b64url_random(len)
 end
 
 return {
-	short =  function () return b64url_random(6); end;
-	medium = function () return b64url_random(12); end;
-	long =   function () return b64url_random(24); end;
+	-- sizes divisible by 3 fit nicely into base64 without padding==
+
+	-- close to 8 bytes, should be good enough for relatively short lived or uses
+	-- scoped by host or users, half the size of an uuid
+	short = function() return b64url_random(9); end;
+
+	-- more entropy than uuid at 2/3 the size
+	-- should be okay for globally scoped ids or security token
+	medium = function() return b64url_random(18); end;
+
+	-- as long as an uuid but MOAR entropy
+	long = function() return b64url_random(27); end;
+
+	-- pick your own adventure
 	custom = function (size)
 		return function () return b64url_random(size); end;
 	end;
author	Kim Alvefur <zash@zash.se>	2021-12-02 01:14:55 +0100
committer	Kim Alvefur <zash@zash.se>	2021-12-02 01:14:55 +0100
commit	a3ea469ed9ebeab2c4db54712f0b8ace3f28e15f (patch)
tree	73afa5f5b01ce5511adea6f669f1e707ae2fcb1e /util
parent	5797a3f65dd0ae2c8393b6992522fcfb34be2fc5 (diff)
download	prosody-a3ea469ed9ebeab2c4db54712f0b8ace3f28e15f.tar.gz prosody-a3ea469ed9ebeab2c4db54712f0b8ace3f28e15f.zip