[masom]

You won't find a specific link, but at some point if you generate millions of urls the 1024 bits will start to return values pretty quick through bruteforce.

The one link won't be found quickly, but a bunch of links will. You just need to fetch all possibilities and you'll get data.

[duskwuff]

> You won't find a specific link, but at some point if you generate millions of urls the 1024 bits will start to return values pretty quick through bruteforce.

Not even close. 1024 bits is a really, really big address space.

For the sake of argument and round numbers, let's say that there are 4.2 billion (2^32) valid URLs. That means that one out of every 2^992 randomly generated URLs is valid. Even if you guessed billions of URLs every second, the expected time to come up with a valid one (~2^960 seconds) is still many orders of magnitude greater than the age of the universe (~2^59 seconds).

[charleslmunger]

I'm not sure your math checks out. With 1024 bits of entropy and, say, 1 trillion valid links, your chances of any one link being valid are 1/2^984

So test a million links - your probability of finding a real one is (1-1/2^984)^1000000. That's around 1/10^291 chance of hitting a valid URL with a million tries. Even if you avoid ever checking the same URL twice it will still take you an impractical amount of time.

[mbrumlow]

All this is fine and dandy until your link shows up in a log at /logs.

[ummonk]

The same can almost as easily happen with user-submitted passwords.

[1231232131231]

Passwords usually don't show up in server logs if submitted correctly.

[mbrumlow]

Love your qualifier. “If submitted correctly”.

[blueflow]

1024 bits seems a bit too much for the birthday problem to be a thing.

I looked at [1] to do the calculation but (2^1024)! is a number too large for any of my tools. If someone has a math shortcut to test this idea properly...

[1] https://en.wikipedia.org/wiki/Birthday_problem#Calculating_t...

[Dylan16807]

This isn't the birthday problem. That would be the chance of two random links overlapping. The birthday problem scales with n^2, while trying to guess links scales with m * n, number of guesses multiplied by number of links.

(Well, before you apply the logistic taper to it. So you wanted an approximation? There you go. Until you get the chance of a hit to be quite high, it's basically equal to guesses * valid links / 2^1024.)

[ta1243]

The chance is less than guessing a random 128 bit username and random 128 bit password. And then guessing a completely different username and password on the very next go.

You'd get far more return on investment breaking bitcoin wallets.

2^1024 is 10^308

Lets say there are 12 billion links per person, and 8 billion people. That's 100 billion billion, or 10^20 links.

10^20 / 10^308 is zero.

Lets say you can test 10 trillion links a second, and started when the big bang happened, you'll have tested 10^30 links so far.

The number of links you'll have found so far is zero.

[Dylan16807]

Yes, but I'm not sure why you replied to me?

[rjmunro]

2^1024 ≈ 10^300. There's only ≈10^80 atoms in the whole known universe. And we haven't even done the factorial.

[saagarjha]

Stirling’s approximation?

[eknkc]

We call 128 bit random data “universally” unique ids. 1024 bits won’t ever get close to returning any random hits.