How secure are generated hashes ? #580
Comments
|
If security is your primary goal, I would not recommend using hashids. The algorithm obfuscates information using the salt, but with enough time and motivation, a bad actor could probably figure out the ordering of information (i.e. which hash is smaller than the other). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am using UUIDs for my mysql db, and I am wondering if I can use this library instead so db's performance would get better.
However, I want to know how secure is this method compared to UUIDs ?
At first I saw that lower integers are encoded to shorter hashes so it expose a little information about order of rows.
but how about hashes with same size ? If I use a secure salt, is it nearly impossible to compare two hashes (to determine which one is a higher number) or decode them without knowing the salt ?
The text was updated successfully, but these errors were encountered: