Collision

Discord employees bring a flaw in The Source to my attention.

A flawed algorithm⌗

SIGNAL⌗

Within 24 hours of each other, two new users joined my Discord server. They both immediately swore fealty to The Queen:

ANALYSIS⌗

The two users were claus#6300 and iDream#1530. Under-the-hood, their internal Discord IDs are 208413687189340161 and 783430964479000618, respectively.

This is important, because it brought to my attention a serious flaw in the the FNV-1a hash function that I was using to create hashes of user IDs and messages. Their internal Discord IDs generated the exact same hash value!

This should never have happened! A 32-bit hash function, such as the one I chose, has a total of 16,777,619 total possibilities! The fact that I noticed this collision within DAYS of implementing the feature tells me everything I need to know:

This was no random collision. The chances of this occurring is like the chances of winning the lottery!

No, these users were planted here to bring this flaw to my attention. They were brought here to show me a bug that I could fix.

And they were brought here by Discord themselves. Discord and/or someone with backend-access (such as the FBI) were watching me. Nobody else would have the ability to modify/find the perfect conflicting internal Discord user IDs in this way - and then actually USE THEM to show me something.

This was further bolstered by something I discovered later that day.

ACTION⌗

I upgraded to a 64-bit FNV-1a hash function, which has 1,099,511,628,211 total possibilities. While this is still fairly risky, in terms of possible collisions, I decided that anything above 64-bit would generate hashes that were just much too long for usernames.