API Key Generator in emoncms3

Hi,

Just out of curiosity, how unique is the API key generated in emoncms? Does this always make the API key for each user different? Or is there still any possibility that two users share the same API key?

Thanks very much.

kind regards,

John

 

TrystanLea

Re: API Key Generator in emoncms3

Hello John, the apikeys are generated like so:

$apikey_read = md5(uniqid(rand(), true));

(line 71: https://github.com/openenergymonitor/emoncms3/blob/master/Controllers/us...)

an example result is: 45670e5cfe57e0b4d0139832c291706d

32 characters, 16 (a-f, 0-9) possible options per character.

16 ^ 32 = 3.4 x 10^38 different possible apikeys if the randomiser is truly random.

I don't remember why I chose to use md5(uniqid(rand(), true)); in the first place, it must have been used in an example somewhere, but in trying to reply to your question I have done a bit more research. The discussions around md5 suggest that it's not a guarantee of uniqueness but that the chance of a similar result is quite small.

This is a particularly interesting discussion on Stack Overflow that suggests an improvement on the above by changing rand to mt_rand:

http://stackoverflow.com/questions/2593807/md5uniqid-makes-sense-for-ran...

http://tjl.co/blog/code/followup-php-rand-vs-mt_rand/

I will make this change to the code now.

I guess it could also be possible to check for duplicate apikeys in the database when a new apikey is generated, which would guarantee uniqueness.

Do you have any thoughts or recommendations on the matter?
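
Added example (not emoncms code and not part of either post above): one way to combine the two ideas in the reply, drawing the key from PHP's CSPRNG with random_bytes() (PHP 7+) in place of md5(uniqid(rand(), true)), and letting a UNIQUE index reject duplicates. The apikeys table, its columns and the function names are hypothetical, and in-memory SQLite stands in for the real database.

```php
<?php
// Added example, not emoncms code. Table, column and function names are hypothetical.

// 16 bytes from the OS CSPRNG -> 32 hex characters, the same shape as md5() output.
function generate_apikey(): string
{
    return bin2hex(random_bytes(16));
}

// Store a fresh key for $userid. The UNIQUE index makes the database the arbiter
// of uniqueness, so two concurrent registrations cannot slip past a separate
// "SELECT first, then INSERT" check; on a collision we simply draw again.
function assign_apikey(PDO $db, int $userid, ?callable $generator = null, int $max_attempts = 5): string
{
    $generator = $generator ?? 'generate_apikey';
    $stmt = $db->prepare('INSERT INTO apikeys (userid, apikey_read) VALUES (?, ?)');
    for ($i = 0; $i < $max_attempts; $i++) {
        $key = $generator();
        try {
            $stmt->execute([$userid, $key]);
            return $key;
        } catch (PDOException $e) {
            // SQLSTATE class 23 = integrity constraint violation (duplicate key).
            if (substr((string) $e->getCode(), 0, 2) !== '23') {
                throw $e;
            }
        }
    }
    throw new RuntimeException('could not allocate a unique apikey');
}

// Constructed demo database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE apikeys (userid INTEGER NOT NULL, apikey_read TEXT NOT NULL UNIQUE)');

$first = assign_apikey($db, 1);

// Force a collision: this generator returns user 1's key once, then real keys.
$calls = 0;
$colliding = function () use (&$calls, $first) {
    return $calls++ === 0 ? $first : generate_apikey();
};
$second = assign_apikey($db, 2, $colliding);

var_dump(strlen($first) === 32, $first !== $second, $calls === 2);
```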

 
