You are here: educatedguesswork.org

cronokirby.com
Read more: https://cronokirby.com/posts/2021/07/on_multi_set_hashing/

dusted.codes
SHA-256 is not a secure password hashing algorithm

www.schneier.com
Apple's NeuralHash algorithm - the one it's using for client-side scanning on the iPhone - has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed: Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision: two images that hash to the same value. The next step is to generate innocuous images that NeuralHash classifies as prohibited content. This was a bad idea from the start, and Apple never seemed to consider the adversarial context of the system as a whole, and not just the cryptography...

myers.io
Every so often I see posts on Stack Exchange or Hacker News where someone has figured out that their passwords are being sent to the server and the server can see them! The logic that we see is that if the password is hashed client side, then only the hash needs to be sent to the server, so the server never knows the password. Unfortunately, I sometimes even see this go one step further when people suggest that with this arrangement, HTTPS isn't required. Wrong.