Hacker News new | past | comments | ask | show | jobs | submit login

Learning a prefix of the hash doesn't really get you anywhere. The hash itself isn't a secret -- it could be published publicly without breaking the security model. You still need to derive a token that hashes to that value in full, and if you can do that then you've broken the hash algorithm by definition.





Say I got a memory dump from the client system. I don't know what is what but the secret is in their somewhere.

Filtering it down by the hash prefix locally is much leas likly to be detected then spamming the servers.

reply


Yes I guess if you trust the hash implementation completly; I just favour a bit more defence in depth.

reply




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: