“ Not that it matters much, since you can just bypass the security control entir... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

hsbauauvhabzb on July 4, 2022 | parent | context | favorite | on: Police CyberAlarm Uses Alarming Cryptography

“ Not that it matters much, since you can just bypass the security control entirely, but == is not the correct way to compare hash function outputs.”

I read an excellent whitepaper on brute forcing this over the internet in ~2012 but I cannot find it. Anyone happen to know the paper I’m referring to, or if it’s still relevant with modern cpu and compiler optimisations?

CiPHPerCoder on July 4, 2022 [–]

There's this 2009 paper

http://www.cs.rice.edu/~dwallach/pub/crosby-timing2009.pdf

hsbauauvhabzb on July 5, 2022 | [–]

Thanks that’s the one!

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact