In a recent post to the Open Scriptures mailing list, it was suggested that we use md5 (or another cryptographic hash) to generate unique IDs for each token (a “token” is the fundamental unit of text (most often a word) in our API database models). Today we discussed the implementation of this on IRC, and it was fairly stimulating.
First of all, md5 is broken and deprecated, due to possible collisions (two different pieces of data can result in the same hash). Since we will be dealing with millions of tokens, we decided not to test our luck, unlikely though a problem may be. SHA-256 has no known collisions, so we decided it was best to use that algorithm.
SHA-256 is implemented in Python’s standard library hashlib, so that is good. For exapmle:
>>> import hashlib
>>> hashlib.sha256("Hello world!").digest()
Needless to say, such a digest would not be very good for use in a RESTful URI scheme. So, hashlib also offers a hexadecimal option:
>>> hashlib.sha256("Hello world!").hexdigest()
That is still not the best, since that makes for a very long string. So, we have the option of using base64 encoding:
>>> import base64
>>> base64.b64encode(hashlib.sha256("Hello world!").digest())
That is shorter, but it includes the “/” character, which is a no-no for URI design. Luckily base64 includes a function for this exact purpose:
>>> base64.urlsafe_b64encode(hashlib.sha256("Hello world!").digest())
So that is safe for URIs, but being case-sensitive and having ambiguous characters makes it not the best for working with. So, base32 to the rescue:
>>> base64.b32encode(hashlib.sha256("Hello world!").digest())
There you have it: shorter than hex, and easier to work with than base64. If we end up using cryptographic hashes an token unique IDs, I’m pretty sure this is how we’ll do it.
The discussion around using cryptographic hashes as unique identifiers in our models is ongoing. Essentially we need to decide how best to make a unique hash for each token. Please join us in #openscriptures on irc.freenode.net with any input.