[Bro-Dev] $tag in notice_info

Seth Hall seth at icir.org
Wed Mar 9 10:44:06 PST 2011


On Mar 9, 2011, at 1:05 PM, Robin Sommer wrote:

>    struct { uint64 run_id; uint64 conn_count } id;
>    id.run_id     = md5(hostname, timeofday, pid);
>    id.conn_count = ++global_conn_counter;
> 
>    uint64 unique_val = crc64(id);


I think I would prefer to leave out the md5.  Do you think that we'd ever see conflicts by just adding those values together?  

Also, would CRC-64 provide enough reliability against collisions considering that some installations may run for a very long time?  I don't know the characteristics of CRC algorithms, but I know they weren't designed for this use and I'd be a little worried about collisions.  Maybe this is ok though?

  .Seth


More information about the bro-dev mailing list