|
|
|
|
|
|
by g_p
1726 days ago
|
|
|
I believe in some areas there was a shortened, truncated form of the public key being used as an "address". If a device went offline and was forgotten about (but still trusted), an impersonator spoofing the same (truncated) public key could gain access, as long as the server didn't reject this identity and say "that's not the public key you had before". I believe truncation was used to facilitate typing it into the UI. So in short, it seems to me this aspect was based on truncation of a public key or hash, and the inevitable finding of collisions in this reduced address space. |
|
|