
The issue isn't really passwords, where a UUID would be totally overkill; it's for things like capabilities. For example, I could put a file at `example.com/<some uuid>` and no one could find it unless I told them about it. As the author points out, my chance of an attacker guessing that URL isn't 2^128 but instead 2^122. For many cases that's actually fine.


It’s 2^122. Or 2^128 if you don’t care about stupid standards (why would you). Birthday paradox is about getting collisions, not guessing.


Right, yes, guessing one specific UUID wouldn't be subject to the birthday paradox, thanks. Edited my post to no longer reflect that.
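The two figures discussed in this thread, as an added example that is not part of any comment: it samples version-4 UUIDs from Python's standard `uuid` module to find which bits never change (leaving 122 random ones), then contrasts the chance of guessing one specific value with the birthday-style chance of any collision. All function names are hypothetical helpers chosen for this illustration.

```python
import math
import uuid

def fixed_bit_positions(samples=2000):
    """Bit positions (0 = least significant) that never vary across sampled UUIDv4s."""
    first = uuid.uuid4().int
    varying = 0
    for _ in range(samples):
        # Any bit that differs from the first sample at least once is random.
        varying |= first ^ uuid.uuid4().int
    return [i for i in range(128) if not (varying >> i) & 1]

def random_bits(samples=2000):
    """Number of bits of a UUIDv4 that actually carry randomness."""
    return 128 - len(fixed_bit_positions(samples))

def guess_success_bound(guesses, bits, live_tokens=1):
    """Upper bound on the chance that `guesses` distinct guesses hit a valid value.

    Exact when live_tokens == 1 (the "one secret URL" case from the thread).
    """
    return min(1.0, guesses * live_tokens / 2 ** bits)

def birthday_collision_probability(issued, bits):
    """Approximate chance that any two of `issued` random values are equal."""
    return -math.expm1(-issued * (issued - 1) / 2 ** (bits + 1))

if __name__ == "__main__":
    bits = random_bits()
    print("fixed bit positions:", fixed_bit_positions())
    print("random bits per UUIDv4:", bits)
    n = 2 ** 61  # constructed sample size: square root of the 2^122 space
    print("P(guess one specific UUID in 2^61 tries):", guess_success_bound(n, bits))
    print("P(any collision among 2^61 UUIDs):", birthday_collision_probability(n, bits))
```

The same 2^61 budget that gives roughly a 39% chance of some collision gives only a 2^-61 chance of hitting one chosen capability URL, which is why the birthday bound does not apply to guessing.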



