this post was submitted on 21 Feb 2026
426 points (100.0% liked)

[–] Nomad@infosec.pub 0 points 23 hours ago (1 children)

So right and so wrong at the same time. A hash loses, by definition, information. So you can compare it to a fingerprint and decide if it matches. It can't be used to reconstruct a fingerprint due to complexity of fingerprints and the complexity. So you can't reuse the hash to authenticate anywhere, so stealing it has only reduced benefit. Maybe a mass surveillance state might want that to find your fingerprints where you have been, but this is a lot more work than just confirming your phone identifier and forcing the cell company to reveal your whereabouts.

[–] Maxxie@piefed.blahaj.zone 2 points 21 hours ago* (last edited 21 hours ago) (1 children)

Which part was wrong?

Because the hashing happens server-side, it still has access to the original data. Which is why I said

It can leak if the server is compromised or misconfigured

[–] Nomad@infosec.pub 1 points 19 hours ago

The hash for a password is not that secret. For a strong password it can't be used for anything bad really.