this post was submitted on 21 Feb 2026
481 points (99.8% liked)

[–] Nomad 1 points 1 month ago (1 children)

So right and so wrong at the same time. A hash loses, by definition, information. So you can compare it to a fingerprint and decide if it matches. It can't be used to reconstruct a fingerprint due to complexity of fingerprints and the complexity. So you can't reuse the hash to authenticate anywhere, so stealing it has only reduced benefit. Maybe a mass surveillance state might want that to find your fingerprints where you have been, but this is a lot more work than just confirming your phone identifier and forcing the cell company to reveal your whereabouts.

[–] Maxxie@piefed.blahaj.zone 2 points 1 month ago* (last edited 1 month ago) (1 children)

Which part was wrong?

Because the hashing happens server-side, it still has access to the original data. Which is why I said

It can leak if the server is compromised or misconfigured

[–] Nomad 1 points 1 month ago

The hash for a password is not that secret. For a strong password it can't be used for anything bad really.