UID Entropy very low #200
Labels
Comments
|
I have been planning to use UUIDs for some time, but then I would also throw away domain(). Accordingly, I'm planning to make the change for a new version when a little bit of stuff has come together. You are welcome to create an issue, I don't think there is one yet. But as a quick fix I would prefer the longer IDs. Enough for now and we can clean it later. |
|
Alright, I'll create a PR for longer IDs. |
janrg
added a commit
to janrg/ical-generator
that referenced
this issue
Jul 27, 2020
janrg
added a commit
to janrg/ical-generator
that referenced
this issue
Jul 27, 2020
sebbo2002
pushed a commit
that referenced
this issue
Feb 27, 2021
# [1.3.0-develop.1](v1.2.1...v1.3.0-develop.1) (2021-02-27) ### Bug Fixes * **package.json:** add temporary version ([0bc117e](0bc117e)) * allow X-attrs to be specified in constructor ([#185](#185)) ([58c1ae5](58c1ae5)) * capitalize byDay even when bySetPos is used ([#205](#205)) ([5440fbc](5440fbc)) * **Typings:** Fix OPT-PARTICIPANT ([b777f9e](b777f9e)), closes [#192](#192) * Fix scale type for CalendarData ([#191](#191)) ([d5421e8](d5421e8)) * Make x key optional in types ([#211](#211)) ([e3c21e2](e3c21e2)) * Type fixes and updates ([#217](#217)) ([d8abe4d](d8abe4d)) ### Features * **Events:** Add appleLocation method ([#170](#170)) ([0956ba2](0956ba2)) * Add missing string input options to interface ([#199](#199)) ([a963178](a963178)) * Add Transparency Method ([bd2901d](bd2901d)) * Increase id entropy - Fixes [#200](#200) ([#202](#202)) ([6711b0a](6711b0a)) * make domain optional ([#209](#209)) ([e3362c9](e3362c9)) * Updated the entire codebase to Typescript ([d013dc0](d013dc0)) * **Events:** use provided timezone when constructing repeating.exclude ([#210](#210)) ([bd84230](bd84230))
|
🎉 This issue has been resolved in version 1.3.0-develop.1 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
This was referenced Apr 10, 2021
Closed
Closed
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, if no ID is given to the event manually, a 4 character ID is generated consisting of the character set a-z 0-9. This has an entropy of less than 21 bits and creating more than a few tens of events in a calendar comes with a significant risk of id collisions. I would suggest either modifying the current method to create significantly longer random strings or switching to UUIDs (which is the official recommendation, see https://icalendar.org/New-Properties-for-iCalendar-RFC-7986/5-3-uid-property.html).
In the latter case, fully following the recommendation would also mean getting rid of the domain property, though it would still be valid to include it after the UUID, provided the domain name is no longer than 218 bytes. It should be noted though that the spec states
"UID" values MUST NOT include any data that might identify a user, host, domain, or any other security- or privacy-sensitive information.Either way, if you would like such a change and let me know which variant you prefer, I'd be happy to create a PR.
The text was updated successfully, but these errors were encountered: