|
|
|
|
|
|
by JanisErdmanis
1286 days ago
|
|
|
I had a similar take on the article. Also, hashing JSON is something which looks somewhat dangerous. I guess one aspect which was a bit implicit in the article is that if the thing one is hashing has a limited number of states, then a preimage for ordering more apples than intended could be found (in addition to a lack of authentication data). That's where adding more information would also be helpful, and using DER would not fix that. EDIT: I realised that I made a mistake. A preimage can not be found when a strong hash function is used. What can, however, happen is that differently structured data can have a nonunique mapping to a byte vector which can be exploited. |
|
|
Hashing JSON is an idea that gives me the creeps because two identical bits of JSON can have different hashes, which sounds like a much bigger problem to me than two different bits of JSON having the same hash.
and are the same object; no matter what you're using the hash for, they should have the same hash.