Why does one use CRC32?

[2levelsabove]

A co worker suggested that I store (ip address . session_id) and do a CRC32 and store that in database. (we are writing a tracking script.  Why is the logical reasoning of that ? Of course I know its a hash. However I am not sure how we would retreive that from database ?  And how would we even store it in MYSQL. I heard that it returns signed and unsigned based on operating system and the values could change. Why even use something like this?

 

 

[teamatomic]

I see no reason to do it for an IP and a session_id. A crc is usually for chunks of data. You grab a chunk, crc it, send the data and the crc then the receiver gets the data and crc it then compares the crc's. If they match the data is ok. If they dont match the chunk is requested again. Its like an md5 for a file. but for it to do any good the sender of the data has to also send the crc otherwise its kind of useless.

 

Like I said, I see no reason when you can check the IP and the sesson_id from the client/cookie against what you have already stored.

 

 

HTH

Teamatomic

[2levelsabove]

I asked him and he said that if he uses md5 or sha than it would produce a string which would be inefficient.  CRC32 would produce a number

 

[haku]

There are two issues with that:

 

1) An alphanumeric hash is going to have more variation than a purely numeric hash, so it seems to me that an alphanumeric hash would be stronger. Though I am no security expert, so I could be wrong.

2) Why would you need to hash IP addresses in the first place?

[Mchl]

Both md5 and sha produce numbers. They're just usually represented as strings of hexadecimal DIGITS. Nothing stops you from setting second argument to true, which will give you actual binary output.

echo(md5(0,true));
'¤═ äĽŇe´fš▀¨¨çd┌'

[2levelsabove]

Yeah that makes sense now. We could have used MD5 or Sha with the optional second parameter. Did not even know that.

 

 

Thanks Mchl and haku!