[erlang-questions] Unique references

Jim McCoy jim.mccoy@REDACTED
Sat Aug 9 06:20:18 CEST 2008

On Fri, Aug 8, 2008 at 9:56 AM, Vance Shipley <vances@REDACTED> wrote:
> [...]
> I have heard it said that a ref() is not as sure to be unique as
> it should be.  If that is the case shouldn't it be fixed?

Absolutely.  Making refs reasonably unique and non-guessable (and by
extension, giving the same property to pids) would be some easy
low-hanging fruit in terms of making Erlang a bit more secure.  At
this point in time how hard is it to attach a bit of randomness to
whatever was going to be emitted as a ref and shove the whole thing
through md5 or sha1? [Yes, both are suspect for _real_ security, but
they are a huge improvement over the current system...]


More information about the erlang-questions mailing list