-
Notifications
You must be signed in to change notification settings - Fork 203
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How secure are generated hashes ? #580
Comments
If security is your primary goal, I would not recommend using hashids. The algorithm obfuscates information using the salt, but with enough time and motivation, a bad actor could probably figure out the ordering of information (i.e. which hash is smaller than the other). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am using UUIDs for my mysql db, and I am wondering if I can use this library instead so db's performance would get better.
However, I want to know how secure is this method compared to UUIDs ?
At first I saw that lower integers are encoded to shorter hashes so it expose a little information about order of rows.
but how about hashes with same size ? If I use a secure salt, is it nearly impossible to compare two hashes (to determine which one is a higher number) or decode them without knowing the salt ?
The text was updated successfully, but these errors were encountered: