On 4/30/09 4:21 AM, Solberg Andreas Åkre wrote: > > On 30. april2009, at 10:10, Dossy Shiobara wrote: > >>> >>> https://rnd.feide.no/content/vulnerable-token-creation-php-oauth-library >> >> Ouch! Nice find. w/ rainbow table of MD5, recovering the secret from >> the token is a matter of seconds, d'oh! :-) > > Or if you do not have a rainbow table available, you could instead take > a look at your wristwatch, or even better take the oauth_timestamp and > calculate _both_ the key _and_ the secret :)
LOL, oauth_timestamp FTW. Duh! -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
