SID hash

Elrond elrond at
Tue Aug 8 18:39:33 GMT 2000

On Mon, Aug 07, 2000 at 08:23:43PM -0500, Peter Samuelson wrote:
> [Tim Cole]
> > Oh.  Heh, yes.  The definition of "good hash" varies greatly
> > depending on the application :P
> > 
> > Eh, in this case, for use in a hashtable, probably sorted linear for
> > the moment.
> Then I agree with Elrond -- just add 'em up and mod by something.
> Complex hash functions are most useful when the data is non-random in
> some way, like if it's concentrated around powers of two.  In this
> case:
> SIDs from multiple domains are truly random, or close to it, so any
> hash function should be OK.  Ignore that case, for now.
> SIDs in the same domain are identical but for RID, so consider the RID.
> It is not random; I think on NT it's usually a small number greater
> than 500.  On Samba it's related to the UID, which in some
> organizations is very non-random; for example, I categorize my users by
> multiples of 1000, so most people are between 1000N and 1000N+50 for
> five or six values of N.
> So for NT RIDs, just add and mod by anything you want.  If you need to
> consider Samba RIDs, it's probably best to use a prime number of
> buckets, like they always say about hashing anyway.

NT RIDs are starting at 1000. And they're incremented for
each new user, old RIDs are never reused, they're marked as

So, if you have a crazy nt-admin:
create a,b,c,d,
delete a,b,c

You get 4n+1002, so mod 4 is a bad idea here. ;)

So it's always a good idea, to use a prime. ;)

Samba uses UID*4+1000 for users and gid*4+1001 for groups,
and gid*4+1002 for aliases.

So mod 4 is realy bad. ;)

I hope, winbindd will soon have a good surs-functionality,
then I will conside using it in TNG. (Have to talk with Tim
about it... the surs, that will be needed, will be quite


More information about the samba-technical mailing list