npub19lt4284mghqxekzm6n5njxurnxrxhqhrva2leusdsuu5ja5jeycq66qfjk (npub19lt…qfjk) npub1mjjwe95dghhw434k4vsvxs5yl6gcr6kupghf5u0dgcvhga0w94sqe7h2pr (npub1mjj…h2pr) No, it *is* necessarily bad. Salting only works with the complete password. Even a salted 1-character hash has only ~60-80 possible values that can be quickly enumerated.
Now, you could try to handwave something about secure environments, SGX, or something, but I doubt that very much.
I'd lean towards informing the relevant regulatory body that the site in question employs unsafe security practices, likely incompatible with whatever they're required to do.
Henryk Plötz /
npub1fy…w27td
2024-03-21 14:39:48
in reply to nevent1q…rgdw
Author Public Key
npub1fyzes4hjsu6cmzevr6ajz2c5etjevkgavs59pkdakp5260qnavhqdw27tdPublished at
2024-03-21 14:39:48Event JSON
{
"id": "d9c3a2d16198a5d9cf088634b04e1ca1569f18e97e9e43c656937941d0932b70",
"pubkey": "49059856f287358d8b2c1ebb212b14cae596591d642850d9bdb068ad3c13eb2e",
"created_at": 1711031988,
"kind": 1,
"tags": [
[
"p",
"2fd7551ebb45c06cd85bd4e9391b8399866b82e36755fcf20d8739497692c930",
"wss://relay.mostr.pub"
],
[
"p",
"dca4ec968d45eeeac6b6ab20c34284fe9181eadc0a2e9a71ed46197475ee2d60",
"wss://relay.mostr.pub"
],
[
"p",
"fddf487eea9db57a6e320f80e5cb63de50bedf539695a41c0d447be6c23643e1",
"wss://relay.mostr.pub"
],
[
"p",
"883b5e42e69fa4eb2bee76e555c217028b48dc7676f61453c7f506fd1a33ab62",
"wss://relay.mostr.pub"
],
[
"e",
"fe8991342a928d2793b4786f30190f8a628368e1d3779b4194243483f8ed94b9",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://chaos.social/users/henryk/statuses/112134192420436674",
"activitypub"
]
],
"content": "nostr:npub19lt4284mghqxekzm6n5njxurnxrxhqhrva2leusdsuu5ja5jeycq66qfjk nostr:npub1mjjwe95dghhw434k4vsvxs5yl6gcr6kupghf5u0dgcvhga0w94sqe7h2pr No, it *is* necessarily bad. Salting only works with the complete password. Even a salted 1-character hash has only ~60-80 possible values that can be quickly enumerated.\n\nNow, you could try to handwave something about secure environments, SGX, or something, but I doubt that very much.\n\nI'd lean towards informing the relevant regulatory body that the site in question employs unsafe security practices, likely incompatible with whatever they're required to do.",
"sig": "cd1641cdd431b4fa144028b16cedb824c39c1e0348f22a52d76b8b130e1c439b978924ad6cec37e17822d96e787c52296721a2f51748fd529086bf6aed87e6a1"
}