by
trees101
163 days ago
Why would you do that rather than just revoking the key directly in the Anthropic console?
1 comments
mingus88
163 days ago
It’s the key used by the attackers in the payload I think. So you publish it and a scanner will revoke it
trees101
163 days ago
oh I see, you're force-revoking someone else's key
rswail
162 days ago
Which is an interesting DoS attack if you can find someone's key.
OJFord
162 days ago
The interesting thing is that (if you're an attacker) your choice of attack is DoS when you have... anything available to you.
freakynit
162 days ago
Does this mean a program can be written to generate all possible API keys and upload them to GitHub, thereby revoking everyone's access?
kylecazar
162 days ago
They are designed to be long enough that it's entirely impractical to do this.
"All possible" is a massive number.
freakynit
162 days ago
That's true tho... possible, but impractical.
antonvs
162 days ago
Not possible given the amount of matter in the solar system and the amount of time before the Sun dies.
cortesoft
162 days ago
Only possible if you are unconstrained by time and storage.
eru
162 days ago
Not only you, but GitHub too, since you need to upload.
Storage is actually not much of a problem (on your end): you can just generate them on the fly.