hashly.txt

[1: the world as it is today]

regular identities are controlled by corporations:

https://twitter.com/jamieoliver
https://linktr.ee/jamieoliver
https://www.youtube.com/user/JamieOliver
https://www.youtube.com/watch?v=hTn8Uh1m0hg (11-character base 64 hash value)

decentralized identities are really long:

did:ara:9edeac1e44098ad940c8155baf563c1200fe35df331e74daaac8c2712e431cae
dat://445b0dbc94c371e6f3a2e80da8b1107cc8f6ba13e65318c43018a8d94ef8254a/mylinks.html
hyper://302232bfa3d6001fe1ecb8cf4ee68d73f300d8ca9bc4c6ecfde08b137a125f63/mylinks.html
https://ipfs.io/ipns/QmZrL4YkmgC7x3ZAicHx9s3fkoNgVmg87zHMSsmjRnhM23/
http://127.0.0.1:43110/1KqKuYHwbf6ob8n2E2UcrUTyfxpEhmRZSR/ (zeronet)
1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2 (bitcoin)
0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7 (ethereum)

[2: the dream]

i want something shorter, but still decentralized

jamieoliver@4ee68d73

'cause i've got a sticker and a Sharpie and need to keep on the move

[3: the user flow]

imagine a gist'n'bitly-like site
there's a text box where you can enter a string, up to 2K in size
a second later, it gives you a link with a short hash, like:

https://hashly.com/jamieoliver@4ee68d73

[4: under the hood]

suppose it takes an average present-day computer 1 second to sha256-sum 1 GB of data
start with plaintext JSON like:

{
  name: jamieoliver,
  target: did:ara:9edeac1e44098ad940c8155baf563c1200fe35df331e74daaac8c2712e431cae
}

there could be more stuff in here, like
-other linktree-style links
-your public PGP key
-your wallet addresses
-up to 2K of HTML, even
but the important parts are 'name', your social media handle everywhere
and 'target', the redirect destination à la bitly

repeat s as many times as it takes until you've got 1 GB of data
hash that into a 32 byte hash value
return just the first 4 bytes of the hash: 8 base16 characters like 4ee68d73

the server has a regular database with text files keyed by hash prefix
*or* it's got a hyperdrive with a public address so others can mirror!

[5: the attacker]

an evil attacker wishes to impersonate jamie oliver
it's easy for him to make his own hashly with that user name; user names are not unique
the attacker wants to forge the whole thing: jamieoliver@4ee68d73

brute force strategy
4 bytes is 2^32 = 4294967296
that number of seconds is 136 years

[6: ask to learn]

is there a better way to do this using crypto from the 70s? @Joe
is there a better way to do this using a DHT? @Bret
is there a better way to do this using blockchain/ethereum? @Eric

[7: notes]

https://urbit.org/understanding-urbit/urbit-id/
"Your Urbit ID is a short, four-syllable name like ~ravmel-ropdyl that you own with
an eight-syllable master passkey like ~palfun-foslup-fallyn-balfus"
really cool that it's both short and phonetic

https://hypercore-protocol.org/#hyperswarm
benefit is now the user can update their link (just like bitly lets you)
but--can the short links redirect to the long ones instantaneously?

https://en.wikipedia.org/wiki/SipHash
"SHA is designed so that it is difficult for an attacker to find two messages X
and Y such that SHA(X) = SHA(Y), even though anyone may compute SHA(X). SipHash
instead guarantees that, having seen Xi and SipHash(Xi, k), an attacker who does
not know the key k cannot find (any information about) k or SipHash(Y, k) for
any message Y ∉ {Xi} which they have not seen before."
"SipHash computes 64-bit or 128-bit message authentication code from a
variable-length message"
this may be better, but doesn't include the trick of making it short