yeah, the point is that if hyazinthe@feddit.de hashes to, say, blue, they can try to find a similar-looking username that also hashes to blue, therefore helping with the impersonation. if you hash a client nonce that’s different for everyone, you may hash to blue on my screen but green on yours, and there will be no relation between who hashes to which color on your screen or mine. the impersonator will have no way to guess if their name would match colors on either of our screens, and if we have, say, 25, colors, it will be a static 4% chance no matter what they do.
Ah, I understand. But couldn’t you just implement the unpredictable colors, you are trying to achive client-side, without hashing, say random order of colors?
The full user adress should suffice for the hash, because there is only one [email protected], for example.
Also, do you really need a hash? Isn’t there a simpler alternative, developing an app?
yeah, the point is that if
hyazinthe@feddit.de
hashes to, say, blue, they can try to find a similar-looking username that also hashes to blue, therefore helping with the impersonation. if you hash a client nonce that’s different for everyone, you may hash to blue on my screen but green on yours, and there will be no relation between who hashes to which color on your screen or mine. the impersonator will have no way to guess if their name would match colors on either of our screens, and if we have, say, 25, colors, it will be a static 4% chance no matter what they do.Ah, I understand. But couldn’t you just implement the unpredictable colors, you are trying to achive client-side, without hashing, say random order of colors?