Tony Arcieri 🌹🦀 on Nostr: Pretty much all versions of bcrypt are vulnerable to second preimage attacks because ...
Pretty much all versions of bcrypt are vulnerable to second preimage attacks because they truncate the input to the first 72 bytes, meaning the hashes for messages longer than that will collide.
This resulted in a login bypass against Okta.
https://www.theverge.com/2024/11/1/24285874/okta-52-character-login-password-authentication-bypass
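
As an added example (not part of the original post), this standard-library Python sketch models the 72-byte truncation described above and shows a pre-hash guard that keeps every input byte significant. It does not call a bcrypt library; the function names, the pepper and the sample inputs are constructed for illustration.

```python
import base64
import hashlib
import hmac

BCRYPT_MAX_BYTES = 72  # input bytes past this point are ignored, per the post


def effective_input(data: bytes) -> bytes:
    """Model of what a truncating bcrypt actually hashes: the first 72 bytes."""
    return data[:BCRYPT_MAX_BYTES]


def collide_after_truncation(a: bytes, b: bytes) -> bool:
    """True when two different inputs reach bcrypt as the same bytes."""
    return a != b and effective_input(a) == effective_input(b)


def audit(text: str) -> dict:
    """Measure in UTF-8 bytes, not characters, how much input is dropped."""
    raw = text.encode("utf-8")
    ignored = max(0, len(raw) - BCRYPT_MAX_BYTES)
    return {"chars": len(text), "bytes": len(raw), "ignored_bytes": ignored}


def prehash(data: bytes, pepper: bytes) -> bytes:
    """Reduce any-length input to 44 base64 bytes so bcrypt sees all of it.

    HMAC-SHA-256 covers every input byte; base64 keeps NUL bytes out of the
    digest, since some bcrypt implementations stop at the first NUL.
    """
    return base64.b64encode(hmac.new(pepper, data, hashlib.sha256).digest())


# Constructed sample data (assumptions, not values from the post).
PEPPER = b"constructed-demo-pepper"
SHARED_PREFIX = b"x" * BCRYPT_MAX_BYTES
SAMPLE_A = SHARED_PREFIX + b"first-suffix"
SAMPLE_B = SHARED_PREFIX + b"second-suffix"

if __name__ == "__main__":
    print(collide_after_truncation(SAMPLE_A, SAMPLE_B))
    print(prehash(SAMPLE_A, PEPPER) != prehash(SAMPLE_B, PEPPER))
    print(audit("é" * 40))
```

The output of `prehash` is what would be passed to bcrypt in place of the raw input; the `audit` case shows that a 40-character string can already exceed the limit once encoded as UTF-8.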