Technology

58117 readers

5090 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

511

2.9 billion hit in one of the largest data breaches ever — full names, addresses and SSNs exposed (www.tomsguide.com)

submitted 1 month ago by [email protected] to c/[email protected]

140 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 1 month ago

Yea that's a tough system to design for. Ideally you want sensitive stuff like that, where you don't care what the data is just that something matches it, stored as the results of a one-way hash function.

The problem is that most of the data you're going to want to secure is pathetically tiny. 10 digit SSN? My phone can brute force that in a few minutes if you're doing raw hashes. Gotta salt them. But now you have a tradeoff decision, salting every one uniquely is best but now your comparison needs to do [leaked data] × [customers] checks to find matches. Same salt on all of them and as soon as one is cracked they all are.