@seanmonstar Re:latest blog. I'm an attacker w/access; I will just quietly start inserting every hash until everyone can log in as everyone.
@jeremyrsmith his part 2 addresses that very attack http://www.opine.me/all-your-hashes-arent-belong-to-us/ …
-
-
@seanmonstar If an attacker has access to your DB, you already failed QED -
@jeremyrsmith but then again, i don't spend any time on database security. - 1 more reply
New conversation -
-
-
@seanmonstar Ah OK-he changed the whole thing in a follow-up because the original was dogshit. Enough layers will make anything "secure"Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.