- From: Michal Zalewski <lcamtuf@dione.cc>
- Date: Tue, 30 Sep 2008 19:36:56 +0200 (CEST)
On Tue, 30 Sep 2008, Edward Z. Yang wrote:

>> More importantly, since the dictionary of possible inputs is rather
>> limited, it would be pretty trivial to build a dictionary of site <->
>> hash pairs and crack the values. May protect
>> xyzzy2984.eur.int.example.com, but would still reveal to me you are
>> coming from playboy.com.
>
> Salt it. Problem solved.

Not really? I just need to rebuild my dictionary for that salt, but to check against say a million or ten million of common domains, it wouldn't be very expensive. And it's not very expensive to build such a list of domains, too.

/mz
Received on Tuesday, 30 September 2008 10:36:56 UTC
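
The point made in the message above, as an added example that is not part of the original thread: a salt that the receiver can see does not hide a low-entropy value such as a hostname, because the receiver simply rebuilds the lookup table for that salt. The SHA-256 construction, the function names and the short domain list are assumptions made for illustration; the thread does not specify a hash scheme.

```python
import hashlib
import os
import time

def hash_origin(domain: str, salt: bytes) -> str:
    """Salted hash of a hostname (assumed scheme: SHA-256 over salt || name)."""
    return hashlib.sha256(salt + domain.lower().encode("ascii")).hexdigest()

def build_table(salt: bytes, candidates):
    """Rebuild the hash -> site dictionary for one specific salt."""
    return {hash_origin(d, salt): d for d in candidates}

def recover(observed: str, salt: bytes, candidates):
    """Return the hostname behind `observed`, or None if it is not a candidate."""
    return build_table(salt, candidates).get(observed)

def rebuild_cost_seconds(list_size: int, sample: int = 20000) -> float:
    """Estimate the time to rebuild a table of `list_size` entries for a new salt."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(sample):
        hash_origin(f"site{i}.example", salt)
    return (time.perf_counter() - start) / sample * list_size

# Constructed stand-in for a list of common domains; a real list would hold
# the "million or ten million" names the message mentions.
COMMON_DOMAINS = ["example.com", "example.org", "example.net", "playboy.com"]

def demo():
    """Hash two hostnames from the thread with fresh salts and try to recover them."""
    results = {}
    for visited in ("playboy.com", "xyzzy2984.eur.int.example.com"):
        salt = os.urandom(16)              # new salt per request, sent with the hash
        observed = hash_origin(visited, salt)
        results[visited] = recover(observed, salt, COMMON_DOMAINS)
    return results

if __name__ == "__main__":
    for visited, guess in demo().items():
        print(f"{visited:32} recovered as {guess!r}")
    print(f"~{rebuild_cost_seconds(10_000_000):.1f} s to rebuild for 10M domains")
```

The common domain is recovered despite the fresh salt, while the unusual internal hostname is not, which matches the split described in the quoted text.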