Don't use Session – Round 2
Last week, I wrote a blog post succinctly titled, Don’t Use Session. Two interesting things have happened since I published that blog: A few people expressed uncertainty about what I wrote ab…
Acknowledgements, Page 24
The idea behind the linked paper is you can use the Rho Method to perform a collision attack against any random function in roughly time without requiring memory. Given the existence of this technique for parallel collision searching, and the fact that the more straightforward application of one of Pollard’s rho methods is used for breaking the ECDLP in queries, it seemed plausible to me to turn this into a practical attack against 128-bit seeds.
If your typical user’s routine experience with recovery phrases is significantly more involved than “copy and paste from password manager” or “transcribe from handwritten note stored in a fireproof safe,” then there’s something fundamentally wrong with your app.