sudo OP wrote
Reply to comment by josefStallman in Any ideas for how two people could anonymously determine if they live in the same city? by sudo
But that would still have a 1:1 correlation between city name and final hash, right? If so, that'll just make a little bit of extra work for someone to undo it. It's still vulnerable to the same type of brute-force attack the original was.
josefStallman wrote
You could salt the hash
sudo OP wrote
That's only useful for passwords. It wouldn't be useful here, because when you're authenticating a password, the salt is concatenated with the text the user typed in before it's put through the hashing function. So, in order to come up with the same hash, the other person would need to know the salt you're using, thus making it worthless for our purposes. (In real life, salts are used to protect against dictionary attacks or rainbow table attacks, assuming the hashes are leaked, but not the salts. If the attacker knows the salt, then it's useless.)
josefStallman wrote
That makes sense, ok. Nevermind then.
Viewing a single comment thread. View all comments