that doesn't help either. 'Salt' is public and usually different/unique per entry/name.
If you mean to use a "secret" prefix (i.e. pepper), then that would generate effectively globally unique names each time (and unpredictable too), but you can't change the pepper and it's only a matter of time before it leaks.
If they can't make the bucket before you do then they are not "bucket squatting", and they can't do so for a salted and hashed bucket name without knowing the salt at runtime.
The public/private distinction seems moot here, too: the salt is a throwaway since you just need the bucket name.
Even if you do need to keep track of the salt, it should be safe for the attacker to know, at least with respect to this attack, because you already own the bucket which the attacker would otherwise hoard.
>For every "20 min max" take home assignment, there will be people who are willing to spend 4+ hours doing it to outshine candidates who have jobs, families and lives.
The ones we use have a clear scoring system and prepared inputs - all that matters is the generated output.
If you can't do the sarcasm yourself (and be witty enough), it's just not fun or improved in any way. Use of corporate speak is sarcasm in its own right, of course - but it only makes sense if it's something you are exposed to (and people can relate), instead of being fake.
Also, if you have to mark the sarcasm, then it's proper bad.
I don't know why this is confusing. If I forget to put the "not" qualifier in a sentence, do we agree that it can confuse (or worse, mislead) the reader?