@prologic@twtxt.net earlier you suggested extending hashes to 11 characters, but here’s an argument that they should be even longer than that.

Imagine I found this twt one day at https://example.com/twtxt.txt :

2024-09-14T22:00Z Useful backup command: rsync -a “$HOME” /mnt/backup

Image

and I responded with “(#5dgoirqemeq) Thanks for the tip!”. Then I’ve endorsed the twt, but it could latter get changed to

2024-09-14T22:00Z Useful backup command: rm -rf /some_important_directory

Image

which also has an 11-character base32 hash of 5dgoirqemeq. (I’m using the existing hashing method with https://example.com/twtxt.txt as the feed url, but I’m taking 11 characters instead of 7 from the end of the base32 encoding.)

That’s what I meant by “spoofing” in an earlier twt.

I don’t know if preventing this sort of attack should be a goal, but if it is, the number of bits in the hash should be at least two times log2(number of attempts we want to defend against), where the “two times” is because of the birthday paradox.

Side note: current hashes always end with “a” or “q”, which is a bit wasteful. Maybe we should take the first N characters of the base32 encoding instead of the last N.

Code I used for the above example: https://fossil.falsifian.org/misc/file?name=src/twt_collision/find_collision.c
I only needed to compute 43394987 hashes to find it.

​ Read More

Agora com texto e cartaz oficiais:

“Lançamento do livro |
MEMÓRIAS ACADÉMICAS – Liceu Nacional de Latino Coelho, de JosĂ© Francisco Rica

A nĂŁo perder, dia 6 de setembro, pelas 17h00, no salĂŁo nobre do Museu de Lamego.

A entrada Ă© gratuita.”

Image

​ Read More
In-reply-to » Ű„Ű­ŰȘŰł قهوŰȘك ŰšŰłÙ„Ű§Ù… ☕🕊

@bender@twtxt.net My index formatting is intact, probably because I still haven’t figured out how to set up my terminal to show RTL text correctly! 😅 but hey, that won’t be a problem anymore, I don’t feel like twting in Arabic. Sorry for the inconvenience.

Image

​ Read More