dataflow 18 hours ago

That's not how it works. The combination of valid inputs is a small set. You just try each one until you get the hash.

Reply View 2 replies
  • jedimastert 16 hours ago

    It's not all that small, although probably small enough to make a rainbow table or something.

    You would have to maintain the code to generate character-perfect strings (or maybe just keep a very large library of the current most popular ones) and also make sure you have the up to date API key salt values (which they probably going to start rotating regularly), which–as I said before–wouldn't be impossible, just prohibitively irritating to maintain for comparatively little benefit.

    And besides, it won't be too long before people just start spoofing the hash too, probably shorter than getting the generator up and running

    Reply View 1 reply
    • giingyui 15 hours ago

      There is no salt plus the list of api keys and user agents is finite and very short. Any computer could crack this header in milliseconds.

      Reply View 0 replies