[cap-talk] use of hashcodes?
Raoul Duke
raould at gmail.com
Tue Feb 23 10:40:09 PST 2010
On Mon, Feb 22, 2010 at 9:49 PM, David Barbour <dmbarbour at gmail.com> wrote:
> I suspect it would be more secure than the SHA256-HMAC design, if only
> because there's no risk of collisions.
i think this shows a little bit what is confusing me.
to me, "secure" is more about people brute-forcing a hash collision,
where as "robustness" is about look ma we use incr with big ints that
never overflow cough cough and we never have to worry about a weird
hard to reproduce bug that was caused by different request data
hashing to the same thing.
to me, the use of hashes to avoid collisions seems silly because you
could just use incr (with a cache size that is smaller than big int
and allow wrap on overflow) and not have to ever run the (however
small but still real) risk of pointless trouble via collision.
of course, that doesn't address 'security' as i think of the term.
sincerely.
More information about the cap-talk
mailing list