Hacker News new | past | comments | ask | show | jobs | submit login

> WARNING: Do NOT use Beacon generated values as cryptographic secret keys!

As a thought experiment what would happen if you did this?




Someone who knew or guessed that you were doing it could find your key very quickly by trying out every beacon value in the time range your key was generated in


Many exploited systems have effectively done this. A random number generator is seeded with something like "PID + timestamp + milliseconds since system startup." But all these numbers cluster in a small range, so it's practical to test all of them and figure out the seed.


similar things to if you were to use the top row of your keyboard as a password


That is why I continue to use hunter2 as my password.


You use ******* as a password? That’s all on a single line of the keyboard.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: