Viewing a single comment thread. View all comments

sudo OP wrote

But that would still have a 1:1 correlation between city name and final hash, right? If so, that'll just make a little bit of extra work for someone to undo it. It's still vulnerable to the same type of brute-force attack the original was.

3

josefStallman wrote

You could salt the hash

1

sudo OP wrote

That's only useful for passwords. It wouldn't be useful here, because when you're authenticating a password, the salt is concatenated with the text the user typed in before it's put through the hashing function. So, in order to come up with the same hash, the other person would need to know the salt you're using, thus making it worthless for our purposes. (In real life, salts are used to protect against dictionary attacks or rainbow table attacks, assuming the hashes are leaked, but not the salts. If the attacker knows the salt, then it's useless.)

2