Can SHA-1 produce dupe hash values?

From: car (car_member_at_newsguy.com)
Date: 09/29/04 

Date: 29 Sep 2004 09:20:42 -0700

Hi, all! I am in an area that processes customer transaction records. To keep
me (the data collection and manipulation service) from being able to see real
customer IDs, the transaction source has implemented SHA-1 with "salt" to
produce one-way hash text. I see the resulting hash value as the customer ID.

I have been told that the way they are encrypting the customer ID, the resulting
text will be consistent and distinct. They said it is practically impossible to
get the same hash value for two different IDs. Is that true of the
implementation of SHA-1 with the same salt every time? Does it matter what the
length of the customer id is (too short, too long)?

I am on a quick deadline to implement the handling the customer IDs (all old IDs
have to be deleted), so I do not have much time to check out SHA-1 in dpeth, but
I thought I remember hearing that one-way hashes could produce the same output
for two different inputs - is that true? I just want to know how sure I can be
that these hash texts will uniquely identify one and only one customer. It is
OK for me to associate a customer's data together for analysis (customers who
bought x also bought y within 30 days, etc), the restriction is on my putting
transactions to an actual named John Doe. Since we got rid of the customer
detail tables, the restriction is a mute point.

Funny, my question is not how secure is the method, but instead how reliably
unique is the result of the method...

Thanks to all who can lend some hard facts/stats...

 - car

Relevant Pages

  • Re: Report based on calculations of 2 records
    ... automate the reports generation to include his payment patterns via ... ' Find using numeric data type key value? ... I am able to create a report but for the first record for each customer, ... coming in to pay at different times, the receipt number (transaction table's ...
    (microsoft.public.access.reports)
  • Re: Report based on calculations of 2 records
    ... "That is why we need to check the data entry between records to make sure users do not make errors keying in the PayFrom and PayTo fields." ... The reason for such calculations is not only to check whether the records are keyed in correctly, it allows us to monitor his payment history or pattern. ... I am able to create a report but for the first record for each customer, points to a different record as illustrated below: ... Since there are many customers coming in to pay at different times, the receipt number (transaction table's running number) will not be sequential for any one customer. ...
    (microsoft.public.access.reports)
  • Re: Multiple Transactions per letter
    ... merge, and a DATABASE field to list the transactions for that customer, e.g. ... XML data. ... and construct the transaction list for each ...
    (microsoft.public.word.mailmerge.fields)
  • Re: Report based on calculations of 2 records
    ... Where does the PayTo and the PayFrom information come from? ... Creating this table will effect the rest of my records and I have more than 20000 of such transaction records to date. ... When a customer makes a payment, you can choose the period that has been set up form them... ...
    (microsoft.public.access.reports)
  • Re: OT: Linux question
    ... > start with and the customer ignored this and went the HSBC route which is a ... Andy, I don't ... think I can help with your Linux problem, ... HTTP POST request containing the details of the transaction (whether ...
    (uk.net.web.authoring)