From a3ea469ed9ebeab2c4db54712f0b8ace3f28e15f Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Thu, 2 Dec 2021 01:14:55 +0100
Subject: util.id: Adjust entropy levels, with rationales

Modules using ids for logging should not need the now pretty large
medium one.
---
 util/id.lua | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

(limited to 'util')

diff --git a/util/id.lua b/util/id.lua
index 731355fa..64b56662 100644
--- a/util/id.lua
+++ b/util/id.lua
@@ -17,9 +17,20 @@ local function b64url_random(len)
 end
 
 return {
-	short =  function () return b64url_random(6); end;
-	medium = function () return b64url_random(12); end;
-	long =   function () return b64url_random(24); end;
+	-- sizes divisible by 3 fit nicely into base64 without padding==
+
+	-- close to 8 bytes, should be good enough for relatively short lived or uses
+	-- scoped by host or users, half the size of an uuid
+	short = function() return b64url_random(9); end;
+
+	-- more entropy than uuid at 2/3 the size
+	-- should be okay for globally scoped ids or security token
+	medium = function() return b64url_random(18); end;
+
+	-- as long as an uuid but MOAR entropy
+	long = function() return b64url_random(27); end;
+
+	-- pick your own adventure
 	custom = function (size)
 		return function () return b64url_random(size); end;
 	end;
-- 
cgit v1.2.3