[cap-talk] use of hashcodes?
Jack Lloyd
lloyd at randombit.net
Tue Feb 23 10:51:55 PST 2010
On Tue, Feb 23, 2010 at 10:40:09AM -0800, Raoul Duke wrote:
>
> to me, "secure" is more about people brute-forcing a hash collision,
> whereas "robustness" is about look ma we use incr with big ints that
> never overflow cough cough and we never have to worry about a weird
> hard to reproduce bug that was caused by different request data
> hashing to the same thing.
But you do have to worry about maintaining your counter state
correctly in the face of concurrency, file system bugs, application
and system crashes, recovery from backups, VM state rollbacks, and so
on. I would give much worse odds for handling all of these successfully
100% of the time than I would SHA-256 randomly colliding.
-Jack
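An added illustration of the failure mode discussed in this message (not part of the original post or written by its author): a persisted counter is restored from a backup and reissues an identifier for different request data, while SHA-256 identifiers derived from the data are unaffected. The `CounterIds` class, the state file names and the request values are hypothetical and constructed for the example.

```python
import hashlib
import os
import shutil
import tempfile


class CounterIds:
    """Hypothetical allocator: the next id is a big-int counter kept in a file."""

    def __init__(self, path):
        self.path = path
        if not os.path.exists(path):
            self._write(0)

    def _write(self, n):
        with open(self.path, "w") as f:
            f.write(str(n))

    def next_id(self):
        with open(self.path) as f:
            n = int(f.read()) + 1
        self._write(n)
        return n


def hash_id(request: bytes) -> str:
    """Identifier derived from the request data itself; no state to maintain."""
    return hashlib.sha256(request).hexdigest()


def rollback_demo():
    """Issue ids across a backup/restore; return (by_counter, by_hash) maps of id -> requests."""
    requests = [b"req-A", b"req-B", b"req-C", b"req-D"]  # constructed sample data
    workdir = tempfile.mkdtemp()
    try:
        state = os.path.join(workdir, "counter.state")
        backup = os.path.join(workdir, "counter.bak")
        ids = CounterIds(state)
        by_counter, by_hash = {}, {}
        for i, req in enumerate(requests):
            if i == 1:
                shutil.copy(state, backup)   # backup taken after one id was issued
            if i == 3:
                shutil.copy(backup, state)   # restore: counter silently goes back to 1
            by_counter.setdefault(ids.next_id(), []).append(req)
            by_hash.setdefault(hash_id(req), []).append(req)
        return by_counter, by_hash
    finally:
        shutil.rmtree(workdir)
```
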