Increase generated short codes entropy #491
Comments
|
It's actually a bit more complicated than that. At the very beginning, I implemented a logic which generates the short codes based on the id of the short URL. It's ugly, and makes short codes to look sequential. They are also a guessable, as you noticed. I have considered changing that several times, and I probably do it. One option I've considered is using partial hashes (the same as git does). That would solve this problem and make them random. I will plan this and improve it as soon as I have a spot. |
|
I'm looking for other shorturl generator and some are able to switch between:
(1) and (2) are already supported by shlink (or something like). Indeed, it would be great to support I tried to install locally the project to propose a merge request, but I'm facing some issues to make it working on my environment. We plan to deploy a shortlinker by the end of this month. do you think you'll be able to work on it quickly ? Many thanks for your help |
|
I'm afraid end of this month is not realistic. Even if a PR was provided, I don't think I had the time to properly review it, merge it, and prepare a release. The tasks that will be part of next release (1.19) are already closed. I can consider some change to prioritize this for any version after that one. Sorry I cannot give you better news. |
acelaya
changed the title
|
You rock ! |
Hi,
Currently the only way to increase the entropy is by using multiple docker instances.
Otherwise, you'll obtain such tokens:
So urls are quite predictible and in some cases it can result in security issue.
By increasing the length the token generator can be able to randomize more char at the same time
Like this:
Suggest env var name: SHORTCODE_MINIMUM_LENGTH (default: 4)
Many thanks
The text was updated successfully, but these errors were encountered: