Hacker News
by bagels, 1060 days ago
topic_id is public information, and predictable. It's neither secret, nor random.
1 comments
rawling, 1060 days ago
This is a weird use case (deliberately making the hash public) and the usual concept of a salt feels weird here. Any kind of server-side secret would have effectively stopped this attack, even if it was the same in every hash.
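Added example, not part of the thread and not the affected site's code: the two comments above contrast a hash whose only "salt" is the public topic_id with one keyed by a server-side secret. The hashed value, the `topic_id:value` layout, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values; none of these come from the thread.
TOPIC_ID = "1234"                      # public and predictable, as the thread notes
SERVER_KEY = b"constructed-demo-key"   # stands in for a secret held only by the server
WRONG_KEY = b"not-the-server-key"      # what a party without the secret is left with


def salted_digest(topic_id: str, value: str) -> str:
    """Unkeyed SHA-256 with topic_id as the 'salt': every input is public or guessable."""
    return hashlib.sha256(f"{topic_id}:{value}".encode()).hexdigest()


def keyed_digest(key: bytes, topic_id: str, value: str) -> str:
    """HMAC-SHA256 over the same fields; the key is the same for every hash."""
    return hmac.new(key, f"{topic_id}:{value}".encode(), hashlib.sha256).hexdigest()


def confirms_guess(published: str, recompute, guess: str) -> bool:
    """True if a party holding only `recompute` can match `guess` to `published`."""
    return hmac.compare_digest(published, recompute(guess))


def demo() -> dict:
    value = "constructed-value"        # hypothetical input behind the public hash
    pub_salted = salted_digest(TOPIC_ID, value)
    pub_keyed = keyed_digest(SERVER_KEY, TOPIC_ID, value)
    return {
        # Knowing topic_id is enough to recompute the unkeyed digest offline.
        "salted_confirmable_by_anyone": confirms_guess(
            pub_salted, lambda g: salted_digest(TOPIC_ID, g), value),
        # Without SERVER_KEY even the correct guess cannot be confirmed.
        "keyed_confirmable_without_key": confirms_guess(
            pub_keyed, lambda g: keyed_digest(WRONG_KEY, TOPIC_ID, g), value),
        # The server, holding the key, still verifies normally.
        "keyed_verifiable_by_server": confirms_guess(
            pub_keyed, lambda g: keyed_digest(SERVER_KEY, TOPIC_ID, g), value),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```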