Searching yarn

Twts matching #Paradoxes
Sort by: Newest, Oldest, Most Relevant
lyse
lyse.isobeef.org
 (19w ago)
In-reply-to » For Example:

I don’t get why displaying nick@domain is preferred over just @nick in the first place. The twtxt world here is so small (and hopefully will always be) that duplicate nicks are just not an issue from my point of view. And even if there are several feeds with the same nicks, one probably does not follow both of them. Yes, there’s the birthday paradox, but I’d guess we have a slightly larger nickname space than days in a year.

⤋ Read More
falsifian
www.falsifian.org
 (33w ago)

@prologic@twtxt.net earlier you suggested extending hashes to 11 characters, but here’s an argument that they should be even longer than that.

Imagine I found this twt one day at https://example.com/twtxt.txt :

2024-09-14T22:00Z Useful backup command: rsync -a “$HOME” /mnt/backup

Image

and I responded with “(#5dgoirqemeq) Thanks for the tip!”. Then I’ve endorsed the twt, but it could latter get changed to

2024-09-14T22:00Z Useful backup command: rm -rf /some_important_directory

Image

which also has an 11-character base32 hash of 5dgoirqemeq. (I’m using the existing hashing method with https://example.com/twtxt.txt as the feed url, but I’m taking 11 characters instead of 7 from the end of the base32 encoding.)

That’s what I meant by “spoofing” in an earlier twt.

I don’t know if preventing this sort of attack should be a goal, but if it is, the number of bits in the hash should be at least two times log2(number of attempts we want to defend against), where the “two times” is because of the birthday paradox.

Side note: current hashes always end with “a” or “q”, which is a bit wasteful. Maybe we should take the first N characters of the base32 encoding instead of the last N.

Code I used for the above example: https://fossil.falsifian.org/misc/file?name=src/twt_collision/find_collision.c
I only needed to compute 43394987 hashes to find it.

⤋ Read More