The scope isn’t if they’re crackable (which, if course, they’re not, since they’re not encrypting anything). The scope is if using UUIDs as filenames in this publicaly accessible db a good way to hide the files. And the answer is: no it is not, because a computer powerful enough can guess all possibilities in a matter of minutes, and query them all against the db to discover all files stored within.
The powerful enough computer doesn’t exist, and will not exist for some time. And even if it exists, it can’t query the web server fast enough to have meaningful effectiveness.
So, for all intents and purposes, it’s impossible. Period.
Aside from the fact that a strong enough supercomputer won’t exist for decades, you’re not limited by the speed of UUID generation. Even if you had an infinitely fast supercomputer, it wouldn’t speed up your brute force attempts, since you’re limited by the speed of the backend. Wherever Tea stores their images, that server has only a limited capacity for responding to requests, far less than the speed with which you can generate UUIDs. That’s a hard cap - you won’t try guesses faster than that.
Even assuming 0 latency on their backend, if you wanted to check each UUIDv4 value again their database during your lifetime, you would need to check 1.686 x 10^27 UUIDv4 per second for 100 years straight. Supercomputers are measured in exaflops, which is 10^18 operations per second, so even distributing the work across many machines, you would need about 1 billion of super computers to be able to have a chance of checking every UUIDv4 value within 100 years.
UUIDs are essentially random numbers, crypto schemes are not, they’re not comparable.
The scope isn’t if they’re crackable (which, if course, they’re not, since they’re not encrypting anything). The scope is if using UUIDs as filenames in this publicaly accessible db a good way to hide the files. And the answer is: no it is not, because a computer powerful enough can guess all possibilities in a matter of minutes, and query them all against the db to discover all files stored within.
The powerful enough computer doesn’t exist, and will not exist for some time. And even if it exists, it can’t query the web server fast enough to have meaningful effectiveness.
So, for all intents and purposes, it’s impossible. Period.
Thank you for bringing sanity to this thread. At this point, I have to assume that this person is trolling? That or they’ve been vibecoding too long?
Aside from the fact that a strong enough supercomputer won’t exist for decades, you’re not limited by the speed of UUID generation. Even if you had an infinitely fast supercomputer, it wouldn’t speed up your brute force attempts, since you’re limited by the speed of the backend. Wherever Tea stores their images, that server has only a limited capacity for responding to requests, far less than the speed with which you can generate UUIDs. That’s a hard cap - you won’t try guesses faster than that.
Even assuming 0 latency on their backend, if you wanted to check each UUIDv4 value again their database during your lifetime, you would need to check 1.686 x 10^27 UUIDv4 per second for 100 years straight. Supercomputers are measured in exaflops, which is 10^18 operations per second, so even distributing the work across many machines, you would need about 1 billion of super computers to be able to have a chance of checking every UUIDv4 value within 100 years.