niieani / hashids.js

A small JavaScript library to generate YouTube-like ids from numbers.
https://hashids.org/javascript
MIT License
4.21k stars 201 forks

How secure are generated hashes? #580

Open mmdalix opened 7 months ago

mmdalix commented 7 months ago

I am using UUIDs for my MySQL DB, and I am wondering if I can use this library instead so the DB's performance would get better. However, I want to know how secure this method is compared to UUIDs. At first I saw that lower integers are encoded to shorter hashes, so it exposes a little information about the order of rows. But how about hashes of the same size? If I use a secure salt, is it nearly impossible to compare two hashes (to determine which one is a higher number) or decode them without knowing the salt?

niieani commented 7 months ago

If security is your primary goal, I would not recommend using hashids. The algorithm obfuscates information using the salt, but with enough time and motivation, a bad actor could probably figure out the ordering of information (i.e. which hash is smaller than the other).