If you don’t require deterministic hashes (and deterministic hashes are bad for ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

slooonz on April 30, 2018 | parent | context | favorite | on: The False Allure of Hashing for Anonymization

If you don’t require deterministic hashes (and deterministic hashes are bad for anonymization anyway) just hash data+randomBytes(16) (obviously, don't save randomBytes(16) anywhere). There you are, nobody can bruteforce your hashes.

Even better, just replace your data with H(randomBytes(16)). Or a random UUID.

EGreg on April 30, 2018 | [–]

Umm what good is the string of random bytes if you don’t store it anywhere? The point of a one-way function is that its output is verifiable given the input.

jiveturkey on April 30, 2018 | [–]

either your comment is nonsensical or you left a detail out. per your comment, you may as well not record the data at all.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact