Zack described the answer already in your last question: It's easy to find a collision. Let's say you save hash("pwd") in the database (that you actually do something different doesn't matter). Now, if you enter "pwd" in the site, you can enter.
But how is this checked? Again, the hash of "pwd" is taken, and compared to the value in the database. But what if there is a second string, say "hello", and hash("hello") == hash("pwd")?
Then you could also use "hello" as password. So to beat the encryption, you don't need to find "pwd", you just need any string which has the same hash-value. You can just search for such a string brute-force (and I guess you can do some optimizations based on the knowledge of the source of hash).
This just describes how you use collisions in general, but not how you exploit the characteristics of this particular hashing function. – delnan Feb 27 at 14:56

The idea is to write a program which can create a valid cookie for any valid user, so I think I need to find out cookie_secret somehow? – KaiserJohaan Feb 27 at 15:04

I haven't studied the hash function in detail, but if you for instance get the hash of "a__" "b__" "c__" and then "__a" "__b" "__c" it seems very possible to search for a collision. Can't help you with the details though. Good luck! – markijbema Feb 27 at 18:22
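The collision argument from the answer above, as an added example that is not part of the original posts: a check that compares only a short hash accepts a second, different input, while a salted PBKDF2-HMAC-SHA256 check does not. The 16-bit `weak_hash`, the sample salt and all function names are constructed for illustration; this is not the hash function from the question.

```python
import hashlib
import hmac
import itertools
import string

def weak_hash(s: str) -> int:
    """Constructed 16-bit toy hash (an assumption, not the asker's function)."""
    h = 0
    for byte in s.encode():
        h = (h * 31 + byte) & 0xFFFF
    return h

def weak_check(stored: int, attempt: str) -> bool:
    # Mirrors the check in the answer: only the hash values are compared.
    return weak_hash(attempt) == stored

def find_second_preimage(password: str, max_len: int = 4):
    """Search short lowercase strings for a different input with the same hash."""
    target = weak_hash(password)
    for n in range(1, max_len + 1):
        for chars in itertools.product(string.ascii_lowercase, repeat=n):
            cand = "".join(chars)
            if cand != password and weak_hash(cand) == target:
                return cand
    return None

def strong_store(password: str, salt: bytes) -> bytes:
    # Hardened form: salted PBKDF2-HMAC-SHA256 with a 256-bit output.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def strong_check(stored: bytes, salt: bytes, attempt: str) -> bool:
    # Constant-time comparison of the derived keys.
    return hmac.compare_digest(stored, strong_store(attempt, salt))

if __name__ == "__main__":
    salt = b"constructed-salt"  # fixed sample value; use os.urandom(16) in practice
    other = find_second_preimage("pwd")
    print("second input:", other)
    print("weak check accepts it:", weak_check(weak_hash("pwd"), other))
    print("strong check accepts it:",
          strong_check(strong_store("pwd", salt), salt, other))
```

With a 16-bit output there are only 65,536 possible hash values, so a few tens of thousands of short candidates are enough to hit the stored one; the 256-bit derived key removes that shortcut.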