The great thing about brute forcing a hash collision is you only need to get the first four digits and last four digits correct. Humans are terrible at long strings of random characters.
It’s hard to count in, so I don’t think ppl do. It would be better to display a string of words, since that is easier to check. Loads of Tor hidden services use brute force to get the first 7-8 digits of the address of the site they’re impersonating
I wonder if you'd likely notice by accident though. Often there will be some (non-hash) identifier of a number of hex digits where the first and last few characters are the same, but the center just doesn't look right, so I check more carefully.
If I am doing it quick by eyeball, first and last 8. If I am at a proper terminal:
    echo <HASH1> > temp
    echo <HASH2> > temp1
    diff temp temp1
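Added example, not part of the thread: a shell sketch of the full comparison described in the post above, set beside the first-and-last-8 eyeball check, run on constructed digests that agree at both ends and differ in the middle. The function names and digest values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: full digest comparison vs. the "first and last 8" eyeball check.
# All digests below are constructed sample values, not real hashes.

EXPECTED="3f9a1c2e5b8d4f60718293a4b5c6d7e8f9012a3b4c5d6e7f8091a2b3b7d04e11"
# Same first 8 and last 8 characters as EXPECTED, different middle.
LOOKALIKE="3f9a1c2e0e1d2c3b4a5968778695a4b3c2d1e0ff0011223344556677b7d04e11"
# EXPECTED again, as it might be pasted from a web page: upper case, grouped.
SAME_GROUPED="3F9A1C2E 5B8D4F60 718293A4 B5C6D7E8 F9012A3B 4C5D6E7F 8091A2B3 B7D04E11"

# Strip whitespace and ':' separators, then lower-case the hex letters.
normalize() {
    printf '%s' "$1" | tr -d ' \t\r\n:' | tr 'A-F' 'a-f'
}

# Eyeball check: only the first 8 and last 8 characters are compared.
eyeball_match() {
    a=$(normalize "$1"); b=$(normalize "$2")
    a_head=$(printf '%s' "$a" | cut -c1-8); b_head=$(printf '%s' "$b" | cut -c1-8)
    a_tail=$(printf '%s' "$a" | tail -c 8); b_tail=$(printf '%s' "$b" | tail -c 8)
    [ "$a_head" = "$b_head" ] && [ "$a_tail" = "$b_tail" ]
}

# Full check: both inputs must be non-empty hex and identical in every character.
# Returns 0 on match, 1 on mismatch, 2 if either input is not a hex digest.
full_match() {
    a=$(normalize "$1"); b=$(normalize "$2")
    case "$a" in ''|*[!0-9a-f]*) return 2 ;; esac
    case "$b" in ''|*[!0-9a-f]*) return 2 ;; esac
    [ "$a" = "$b" ]
}

# Print the verdict of both checks for one pair of digests.
report() {
    if eyeball_match "$2" "$3"; then e="match"; else e="MISMATCH"; fi
    if full_match "$2" "$3"; then f="match"; else f="MISMATCH"; fi
    printf '%-22s eyeball: %-9s full: %s\n' "$1" "$e" "$f"
}

report "expected vs lookalike" "$EXPECTED" "$LOOKALIKE"
report "expected vs regrouped" "$EXPECTED" "$SAME_GROUPED"
```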
How do you verify Signal fingerprints? Or WhatsApp fingerprints? How does your counter party?
Also, humans aren't good RNG ;P