kennwhite, Great story by @zackwhittaker and nice research by @chick3nman. PSA: don't use deterministic hashing/encryption schemes to hide sensitive data on low-cardinality fields.
Shorter version: don't try to protect critical national infrastructure without consulting a cryptography engineer.
https://techcrunch.com/2024/03/30/att-reset-account-passcodes-customer-data/
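The point of the PSA above, as an added example that is not part of the original post: an audit of a protected column, comparing an unsalted hash with a per-record salted KDF. The 4-digit field, the sample records, the function names and the round count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Assumption: the protected field is a 4-digit code, so only 10,000 values exist.
DOMAIN = [f"{n:04d}" for n in range(10_000)]
# Constructed sample records, not real data.
SAMPLE_CODES = ["1234", "1234", "0000", "1234", "8520", "0000"]

def deterministic_protect(value):
    """Weak pattern: no salt, so equal inputs always give equal outputs."""
    return hashlib.sha256(value.encode()).hexdigest()

def randomized_protect(value, salt=None, rounds=200_000):
    """Per-record random salt plus a slow KDF; returns 'salt_hex:digest_hex'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", value.encode(), salt, rounds)
    return f"{salt.hex()}:{digest.hex()}"

def verify(value, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(stored.split(":")[0])
    return hmac.compare_digest(randomized_protect(value, salt), stored)

def equality_leak(column):
    """Count records whose stored value is shared with another record."""
    return sum(c for c in Counter(column).values() if c > 1)

def table_coverage(column):
    """Fraction of records explained by one pass over the whole domain."""
    table = {deterministic_protect(v) for v in DOMAIN}
    return sum(x in table for x in column) / len(column)

def audit(codes):
    """Return (equality_leak, table_coverage) for each protection scheme."""
    det = [deterministic_protect(c) for c in codes]
    rnd = [randomized_protect(c) for c in codes]
    return {
        "deterministic": (equality_leak(det), table_coverage(det)),
        "randomized": (equality_leak(rnd), table_coverage(rnd)),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CODES))
```

The salt removes the equality leak and the shared table, but a 10,000-value domain stays small per record, so attempt limiting and a secret key held outside the database still matter.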