• @pivot_root
      link
      English
      1
      edit-2
      4 months ago

      A privately-stored salt would fix that :)

      • @[email protected]
        link
        fedilink
        English
        34 months ago

        Then what is the point of hashing the data? Just use an UUID.

        Anyway, this is all pointless bike shedding because the activity needs to be associated with the actor, as it can only be accepted if the signature can be verified.