There have been so many incidents in crypto that exploited broken assumptions about hash collisions.
Factually, X != hash(X). Sometimes you can make the simplifying assumption that X == hash(X), but only in well-defined contexts, subject to proper risk analysis; never in general, or as a presumption of a system that needs to be correct.
SHA-256 has, well, 256 bits of entropy. What I took issue with was the claim that UUID's 128 bits (well, almost, anyway) are overkill with modern advances in randomness.
kiitos|2 years ago
Factually, X != hash(X). Sometimes you can make the simplifying assumption that X == hash(X), but only in well-defined contexts, subject to proper risk analysis; never in general, or as a presumption of a system that needs to be correct.
Nullabillity|2 years ago