Re: PHP and some == wonkiness

[mancha <mancha1 () zoho com>]

On Tue, May 05, 2015 at 08:24:42AM +0000, mancha wrote:
> On Tue, May 05, 2015 at 09:44:00AM +0200, Florian Weimer wrote:
> > On 05/05/2015 09:26 AM, mancha wrote:
> >
> > > Taking sha1 as our reference hash and "==" as our equivalence
> > > relation:
> > >
> > > All [a-f][0-9a-f]{39} are in equivalence class A.
> > >
> > > All 42[a-f][0-9a-f]{37} are in equivalence class B.
> > >
> > > Note: those regexes aren't representative of the full equivalence
> > > classes because prepending 0s doesn't alter the value (i.e.
> > > 0[a-f][0-9a-f]{38} is in equivalence class "A" as well..
> >
> > I cannot reproduce this.  Or you use “equivalence class” in a
> > non-standard way.
> >
> > -- Florian Weimer / Red Hat Product Security
>
> I was using "equivalence class" in a standard way but mis-understood
> PHP's casting rules when comparing strings so never mind that comment.
>
> To raise the SNR back up, I agree with your assessment if we account
> for prepended 0s. So out of the 16^40 total hashes, I believe
> 10^38+10^37+...+10^1 of them will evaluate to float(0). A bit higher
> than your estimate (which only considered 10^38 of them). Same order
> of magnitude though.
>
> --mancha

That has a small off-by-one because 40 0s will be cast to float(0) when
compared to those.

Also, we have equivalence classes such as:

2e00000000000000000000000000000000000001
02e0000000000000000000000000000000000001
...
0000000000000000000000000000000000002e01
00000000000000000000000000000000000002e1
0000000000000000000000000000000000000020

--mancha

Attachment: _bin
Description: