Techly NewsGet the app

Get the latest tech news

“YOLO” is not a valid hash construction


By Opal Wright Among the cryptographic missteps we see at Trail of Bits, “let’s build our own tool out of a hash function” is one of the most common. Clients have a problem along the li…

These needs are often met with what could be called “YOLO” constructions: ad-hoc functions that “solve” the instant problem in a way that’s obvious, straightforward, and usually wrong. On the other hand, if Mallory wants to attack Alice’s key by checking a million passwords per second, she’ll need to generate and process 64 terabytes of data every second. Newer hash designs are built with cool ideas like multihash and MACs in mind, and if there’s no need to reinvent the wheel, don’t.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of YOLO

YOLO

« GNU DDD 3.4.1 Released As GUI Front-End To GDB
X is partly funded by sanctioned oligarchs »