[erlang-questions] Unique references
Jim McCoy
jim.mccoy@REDACTED
Sat Aug 9 06:20:18 CEST 2008
On Fri, Aug 8, 2008 at 9:56 AM, Vance Shipley <vances@REDACTED> wrote:
> [...]
> I have heard it said that a ref() is not as sure to be unique as
> it should be. If that is the case shouldn't it be fixed?
Absolutely. Making refs reasonably unique and non-guessable (and by
extension, giving the same property to pids) would be some easy
low-hanging fruit in terms of making Erlang a bit more secure. At
this point in time how hard is it to attach a bit of randomness to
whatever was going to be emitted as a ref and shove the whole thing
through md5 or sha1? [Yes, both are suspect for _real_ security, but
they are a huge improvement over the current system...]
jim
More information about the erlang-questions
mailing list