Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.programmer > #18835

Re: get hexadecimal hash string for a number

From markspace <-@.>
Newsgroups comp.lang.java.programmer
Subject Re: get hexadecimal hash string for a number
Date 2012-09-18 17:27 -0700
Organization A noiseless patient Spider
Message-ID <k3b3h6$sli$1@dont-email.me> (permalink)
References <k3a74r$u3s$1@news.m-online.net> <k3a9qr$opo$1@dont-email.me> <50590aab$0$283$14726298@news.sunsite.dk>

Show all headers | View raw

On 9/18/2012 4:58 PM, Arne Vajhøj wrote:

> The correct approach is to use a cryptographic secure
> RNG to generate a number of random bytes.
>


I looked up"cryptographic secure" on Wikipedia, and I have to disagree. 
  The key he's sending is going out as plain text.  Cryptographically 
secure RNGs are used to generate keys, you never reveal your seed value 
or there's no point to the keys either.  The UUID is plenty hard to 
guess; using a hard-to-guess value that you then send out as plain text 
isn't going to improve your security.

Also, there's human factors to consider as well.  "Fake" but valid email 
addresses are plenty easy to generate.  If someone really wants to use a 
bogus address, they just make one, get the link you send them, and then 
ignore the email address after that.  This whole process is easy to 
automate.  Hundreds or thousands of fake ID per day can be generated 
this way.  "Cryptographically secure" doesn't mean much when Alice and 
Mallory are the same person.  In this case the human factor is a coder 
who thinks "cryptographically secure" is going to solve some problem 
when it won't.

If you can show me how UUIDs are "easy to guess," I might retract my 
statements somewhat.

Back to comp.lang.java.programmer | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

get hexadecimal hash string for a number Magnus Warker <magnux@mailinator.com> - 2012-09-18 18:25 +0200
  Re: get hexadecimal hash string for a number markspace <-@.> - 2012-09-18 10:08 -0700
    Re: get hexadecimal hash string for a number Lew <lewbloch@gmail.com> - 2012-09-18 10:14 -0700
    Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 19:58 -0400
      Re: get hexadecimal hash string for a number markspace <-@.> - 2012-09-18 17:27 -0700
        Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 21:17 -0400
        Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 21:21 -0400
      Re: get hexadecimal hash string for a number Magnus Warker <warker@mailinator.com> - 2012-09-19 08:27 +0200
        Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-19 18:30 -0400
        Re: get hexadecimal hash string for a number Kevin McMurtrie <mcmurtrie@pixelmemory.us> - 2012-09-19 19:06 -0700
          Re: get hexadecimal hash string for a number Magnus Warker <warker@mailinator.com> - 2012-09-20 11:32 +0200
  Re: get hexadecimal hash string for a number Lew <lewbloch@gmail.com> - 2012-09-18 10:10 -0700
    Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 20:02 -0400
    Re: get hexadecimal hash string for a number Magnus Warker <warker@mailinator.com> - 2012-09-19 08:18 +0200
  Re: get hexadecimal hash string for a number Roedy Green <see_website@mindprod.com.invalid> - 2012-09-18 10:23 -0700
    Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 20:00 -0400
  Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 20:06 -0400
    Re: get hexadecimal hash string for a number markspace <-@.> - 2012-09-18 17:30 -0700
      Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 21:07 -0400
  Re: get hexadecimal hash string for a number Kevin McMurtrie <mcmurtrie@pixelmemory.us> - 2012-09-18 22:50 -0700
  Re: get hexadecimal hash string for a number Leif Roar Moldskred <leifm@dimnakorr.com> - 2012-09-19 01:06 -0500
  Re: get hexadecimal hash string for a number rossum <rossum48@coldmail.com> - 2012-09-19 17:34 +0100
    Re: get hexadecimal hash string for a number Magnus Warker <warker@mailinator.com> - 2012-09-20 11:30 +0200
      Re: get hexadecimal hash string for a number rossum <rossum48@coldmail.com> - 2012-09-21 12:48 +0100
        Re: get hexadecimal hash string for a number Lew <lewbloch@gmail.com> - 2012-09-21 10:15 -0700
          Re: get hexadecimal hash string for a number Magnus Warker <warker@mailinator.com> - 2012-09-26 06:11 +0200
            Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-26 09:29 -0400
              Re: get hexadecimal hash string for a number Gene Wirchenko <genew@ocis.net> - 2012-09-26 09:18 -0700
      Re: get hexadecimal hash string for a number markspace <-@.> - 2012-09-21 10:56 -0700
        Re: get hexadecimal hash string for a number Magnus Warker <warker@mailinator.com> - 2012-09-26 06:12 +0200
      Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-23 20:57 -0400

csiph-web