stonegray | 11 days ago

Specifying a CSPRNG as an entropy source to avoid collision is incorrect.

CSPRNGs make prediction of the next number difficult (cracking-AES difficulty) but do not add entropy and must be seeded uniquely; otherwise they will output the same numbers. Unless the author is proposing having the same machine generate a single universe-scale list in one run.

Also “banning” ids that are all 1s or 0s is silly; they are just as valid and unique as any other number if you’re generating them properly. Although I might suggest purchasing a lottery ticket if you get a UUID with all settable bits as 1.
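
An added example illustrating the seeding point in the comment above; it is not part of the thread or any commenter's code. It uses a simplified HMAC-SHA256 DRBG (update and generate steps in the style of NIST SP 800-90A, with no reseed counter) and constructed seed values: two generators given the same seed emit identical UUIDs, while generators seeded from `os.urandom` do not.

```python
import hashlib
import hmac
import os
import uuid


class HmacDrbg:
    """Simplified HMAC-SHA256 DRBG; deterministic for a given seed (illustration only)."""

    def __init__(self, seed: bytes):
        self.key = b"\x00" * 32
        self.val = b"\x01" * 32
        self._update(seed)

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, data: bytes = b"") -> None:
        # Mix optional input into the state; output is never fed back as entropy.
        self.key = self._mac(self.val + b"\x00" + data)
        self.val = self._mac(self.val)
        if data:
            self.key = self._mac(self.val + b"\x01" + data)
            self.val = self._mac(self.val)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.val = self._mac(self.val)
            out += self.val
        self._update()  # ratchet the state so past output cannot be recomputed
        return out[:n]


def uuid4_from(drbg: HmacDrbg, count: int) -> list:
    # version=4 overwrites the version and variant bits; 122 bits come from the DRBG.
    return [uuid.UUID(bytes=drbg.generate(16), version=4) for _ in range(count)]


def demo():
    shared = b"constructed-seed-copied-to-both-hosts"  # constructed sample value
    host_a = uuid4_from(HmacDrbg(shared), 5)
    host_b = uuid4_from(HmacDrbg(shared), 5)
    host_c = uuid4_from(HmacDrbg(os.urandom(32)), 5)  # seeded from the OS entropy pool
    host_d = uuid4_from(HmacDrbg(os.urandom(32)), 5)
    # (same seed gives the same IDs, number of IDs shared by independently seeded hosts)
    return host_a == host_b, len(set(host_c) & set(host_d))


if __name__ == "__main__":
    print(demo())
```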

left-struck|11 days ago

Banning 0s might be to avoid conflicts with testing? Kind of like how you’d want to block logins with emails that have a domain example.com. Idk I’m grasping at straws

nkrisc|10 days ago

It’s good to have some known invalid identifiers. There are times where you want to use one that can’t possibly be valid. Having them be easily memorable and obviously invalid is good too.

Imagine if example.com was freely available for anyone to register, think of all the email they could get.