I'm not sure what the comment alludes to as it includes a ;-), but you can find multiple collisions against the same email address on the same day, viz: 0:030514:frantz@pwpconsult.com:49916794a98728f2 0:030514:frantz@pwpconsult.com:ffbead9be92472a3 etc. In fact they are also this way because you want there to be a relatively low probability of there being an accidental collision in the tokens created by different users sending you mail. The example implementation chooses the random string from a 2^64 space, however on average only 2^44 of those will be valid tokens (if you use 20 bit collisions), and so if you imagine someone receiving 256 mails in a day, they have a birthday probability of 2^-29 of having a mail falsely deleted because of an accidental collision. I guess that is a fairly low probability compared to email reliability, but anyway the safety margin can be increased simply by increasing the random string search space. Adam On Wed, May 14, 2003 at 11:14:56AM -0700, Bill Frantz wrote:
This approach seems like a good direction. However, it does limit me to email per address per day. :-)
At 7:56 AM -0700 5/14/03, Adam Back wrote:
The day is matched against the day in the token, as Bill said the tokens contain the date and the email address, in fact they look like this:
0:030514:foo@bar.com:482d3c37d5b5c112
where the first field is a version number, 2nd field is date (year,month,day), 3rd field is resource name (for email the recipient's email address) and last field is random junk to make it hash to trailing zeros.