by kimdotcom 2886 days ago
Strange claim about what the site 'implies'.

I use hashids and did not assume such things.

I use it so a jerk end-user can't keep incrementing an integer-based URL param.

2 comments

You rely on hashids to be secure, so that your jerk end-users can't increment the id. You would like to know how secure it actually is, wouldn't you?
This is exactly what I'm wondering. If an attacker finds a way to reverse the hashids, then he can increment the ID and scan the resources.
No.

If they can figure that out, I will have bigger problems with the users.

So apparently you have bigger problems with the users now.
yeah seriously. the hashids people are very clear about what a terrible idea it is to think that hashids are secure in any way. fine, do a cryptographic analysis, but don’t suggest you’re actually saving people from some false claim or implication about security.
The hashids website has been updated since the cryptanalysis was published. For example, the old website used the words encrypt/decrypt instead of encode/decode, which was confusing.