- cross-posted to:
- askchapo@hexbear.net
- fediverse@lm.korako.me
- cross-posted to:
- askchapo@hexbear.net
- fediverse@lm.korako.me
Probably better to post in the github issue rather than replying here.
Probably better to post in the github issue rather than replying here.
A privately-stored salt would fix that :)
Then what is the point of hashing the data? Just use an UUID.
Anyway, this is all pointless bike shedding because the activity needs to be associated with the actor, as it can only be accepted if the signature can be verified.