Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I hope it is a cryptographically secure hash that STAYS cryptographically secure. Otherwise ten years down the road someone will figure out a way to force collisions and then, bam, you'll be running l33tcrew.ru's copy of Prototype with the access privileges of bankofamerica.com .

No problem fixing that one, all you have to do is roll out a patch to every standards-compliant browser in the world, oh, yesterday would have been good.



Or specify the hash type you'd like to see at the point you invoke the script. It can't retroactively protect pages that were published with the insecure hash, but it certainly would allow the author to update their site upon awareness of a hash vulnerability.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: