Y
Hacker News
new
|
ask
|
show
|
jobs
by
bascule
2258 days ago
If you use an unkeyed hash (as opposed to a PRF) on low-entropy inputs, they can be preimaged by an attacker.
This is especially problematic in the case of PII like email address/phone number