Huh? Hash your bucket names

why_only_15 5 hours ago | parent | next [-]

if your bucket name is ever exposed and you later delete it, then this doesn't help you.

	▲	lijok 4 hours ago \| parent [-]
		The entire article talks about “guessing” the bucket name as being the attack enabler, not the leaking of it. What does the landscape look like once you start doing the basics like hashing your bucket names? Is this still a problem worth engineering for?

▲

Maxion 5 hours ago | parent | prev [-]

I don't think that'd prevent this attack vector.

▲

alemwjsl 4 hours ago | parent [-]

Ok; salt, and then hash your bucket names

▲

xxs 3 hours ago | parent [-]

that doesn't help either. 'Salt' is public and usually different/unique per entry/name.

If you mean to use a "secret" prefix (i.e. pepper) then, that would generate effectively globally unique names each time (and unpredictable too) but you can't change the pepper and it's only a matter of time it'd leak.

	▲	tosti an hour ago \| parent \| next [-]
		Random pepper. Or just, y'know, randomly generate the effing string. Can't be that hard.
	▲	lcnPylGDnU4H9OF an hour ago \| parent \| prev [-]
		If they can't make the bucket before you do then they are not "bucket squatting", and they can't do so for a salted and hashed bucket name without knowing the salt at runtime. The public/private distinction seems moot here, too: the salt is a throwaway since you just need the bucket name. Even if you do need to keep track of the salt, it should be safe for the attacker to know, at least with respect to this attack, because you already own the bucket which the attacker would otherwise hoard.