by Reelin 2389 days ago
To add to this, hashed username-password material is leaked only by the first variant described in the paper. The second variant described only leaks hashed username material. They reportedly used the first variant during testing but have now switched to the second variant.

They indeed appear to have increased the prefix from 2 to 3 bytes. This makes logistical sense though - with 4 billion items, a 2 byte address yields ~61k items per bucket (and thus sent to the client per request) while a 3 byte address yields only ~240 on average.