Allow uploading with high-entropy URL keys #59

New Issue

electricdusk · 2020-05-27T22:37:53+02:00

electricdusk commented

2020-05-27 22:37:53 +02:00

I often have the situation where I use rushlink without the requirement of having a short URL. Moreover, in some of these cases, I would rather have a URL that is resistant to enumeration attacks.

I propose that we allow a flag "entropy", with a number as argument, or a boolean "high-entropy" value, that will instruct the server to generate a key with a minimum amount of entropy. I would propose a very conservative 96 bits, which is equivalent to keys of 16 characters.

I often have the situation where I use rushlink without the requirement of having a short URL. Moreover, in some of these cases, I would rather have a URL that is resistant to enumeration attacks. I propose that we allow a flag "entropy", with a number as argument, or a boolean "high-entropy" value, that will instruct the server to generate a key with a minimum amount of entropy. I would propose a very conservative 96 bits, which is equivalent to keys of 16 characters.

electricdusk added the

feature

label 2020-05-27 22:37:54 +02:00

electricdusk changed title from ~~Allow requesting of high-entropy URL keys~~ to Allow uploading with high-entropy URL keys

2020-05-27 22:38:05 +02:00

electricdusk commented

2020-05-30 11:24:01 +02:00

Update: because of the way keys are encoded, every character adds 5 bits of entropy. If we take a key of 16 characters, we still have 80 bits of entropy, which should be fine.

electricdusk referenced this issue from a commit

2020-07-27 14:49:46 +02:00

Use high-entropy URLs for file uploads Fixes issue #59

electricdusk commented

2020-07-27 14:50:14 +02:00

Fixed by 6d3e8028cb.

Fixed by 6d3e8028cb.

electricdusk closed this issue

2020-07-27 14:50:24 +02:00

Sign in to join this conversation.