Hacker News new | ask | show | jobs
by katrielalex 3593 days ago
You need the API key to be long enough to be unguessable. Otherwise, I could get free stuff by just guessing someone else's key.

This is significantly longer than what you need to avoid a collision. The idea of having a three-character key is just crazy.
1 comments
abrookewood 3593 days ago
I thought he was just using that as an example to see what the risk of collision was - not actually suggesting that they be used.
link