Tweeting the hash of a
- Security:
Usability: 



Tweeting the hash of a random salt and a
- Security: 

Usability: 
Tweeting the HMAC of a random key and
- Security: 




Usability:
For short
's or long-term predictions, do 2.
No, that's the sorta the whole point of tweeting hashes :) You keep the input secret, but later on you want to be able to show you had it at along.
-
-
So how can you collide against "MD5(
+ salt)." if you don't know
… wait that's still preimage. You mean you can find "MD5(
+ salt) = MD5(
' + salt)" because you can do that with HMAC. -
HMAC is: prefix0 = padToBlock(key) ^ 0x36363636… prefix1 = padToBlock(key) ^ 0x5c5c5c5c… inner = H(prefix0 || message) output = H(prefix1 || inner) Pick any key it doesn't matter. Now collide "H(prefix0 || message) = H(prefix0 || message')" now you have an HMAC collision.
- 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.