Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Can someone explain to me how

> Bcrypt uses the string "OrpheanBeholderScryDoubt" as an initialization string

Given as an example, is actually an example of this?



https://security.stackexchange.com/questions/227459/why-is-t...

The initials spell out "OBSD", as a nod to the hash being first designed for OpenBSD, and they needed a 24 char / 192 bits value.


I read that too, but given the leeway that gives the chooser of the value, it doesn’t seem like an example of the topic


(I answered the stackexchange question). I agree, it is definitely picked with that intent, but it’s harder to prove.

14 character strings that abbreviate to OBSD/English is a much larger set than the traditional picks.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: