Conversation

How secure are URLs with random strings appended to a stem (generated as hashes of content?) and kept secret, but otherwise not secured? Is it like low probability hash collisions? Could a crawler brute-force sensitive content at a useful rate to be worth it to an attacker?
15
25
Replying to
Hmm. You actually wouldn’t need to brute force if you had local access. Packet-sniffing at a router close to a target should just give you the urls right?
5
4
I’ve instinctively avoided putting anything sensitive on services that use this mechanism, which is why I’ve primarily used Roam for text, which is encrypted, and for images only when I don’t care if it goes public
4
4
Replying to
Check Webpack’s docs for other ideas? My understanding is that it generates a new hash for each file and append to the path at run time. Rails’s ORM (ActiveRecord) follows a similar approach. But not sure what that does in terms of overall security.