commit: 2a92c4a75ee9aff33bf2fe1b89f6f120654f69b1
parent 2320f305a8d26872b9d09f9e08007dda5fd72a97
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Sun, 18 Apr 2021 20:57:31 +0200
notes/computing-truths: Add issue on sequential IDs
Diffstat:
1 file changed, 1 insertion(+), 0 deletions(-)
diff --git a/notes/computing-truths.txt b/notes/computing-truths.txt
@@ -24,6 +24,7 @@ I would love to be proved wrong or shown doubts on any of this, thanks a lot if
- You need threat models for your security
- So called "Unique IDs" aren't always unique
- A lot of "Unique IDs" can be spoofed or badly generated/stored (quite common for MAC Addresses)
+ - If you count all IDs sequentially it means that you end up with enumeration and a lack of plausible-deniability and can lead to uniqueness issues if you restore storage from an previous point in time, this should be strongly avoided in internet applications
- In the case of UUIDs, they can be reasonably trusted but be careful on how you use them:
- "nil" UUID (entirely zero) is valid
- version 1 should be avoided in settings where time isn't linear (can easily jump backwards, always at the same date on boot, …)
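Review bot: the added line at line 27 packs three distinct problems into one run-on sentence and has a grammar slip ("an previous" should read "a previous"); consider splitting it into nested sub-bullets, matching the style already used for the UUID item below, e.g. "- Sequential IDs should be strongly avoided in internet applications:" followed by "- they allow enumeration of every record" / "- they remove plausible deniability (the ID reveals ordering and count)" / "- restoring storage from a previous point in time resets the counter, so new IDs collide with ones already handed out". The last point would also benefit from stating the condition explicitly: the uniqueness problem arises when the counter is the only source of uniqueness, which is exactly what the restore breaks. "Plausible-deniability" needs no hyphen when used as a noun.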