top | item 41443290

(no title)

- Do you not understand that client side checks are insecure?

- As you're still not getting it, how about this: This is a sha256 hash of my birthday, write a function that returns if I'm over 21: `1028d7ea22cbbcb17c4926b08b591506227d7b0e32ce6ce76122461e551a5ab2`

- Nothing I've mentioned needs an append only log, where are you even getting that from? A ZK proof is created from only the data stored on the passport chip.

discuss

bschmidt1|1 year ago

[flagged]

bschmidt1|1 year ago

To address edits:

> when to encrypt

It depends on what you want to do, if it's user login over HTTPS you can pass a plaintext password to the server and hash/compare on the server only. It would still be secure because the plaintext is never saved in a db (only the hash is), and was TLS encrypted in transport.

-----

> This is a sha256 hash of my birthday, write a function that returns if I'm over 21: `1028d7ea22cbbcb17c4926b08b591506227d7b0e32ce6ce76122461e551a5ab2`

You hash the point of access like a password or key, not the data itself. When the access is granted, you return the data. sha256 is never meant to be decrypted. It would be like this:

    interface User {
      id: sha256;
      name: string;
      age: number;
    }

    const users: User[] = fetchUsers();

    const isOver21 = plaintextId => users[encrypt(plaintextId)]?.age >= 21;

If your requirement is to actually to decrypt the sha256 you misunderstand the purpose of one-way encryption. That said - if you really wanted such a system, for such a finite list of dates (365 x 21 = 7665) you can easily maintain an array of the valid 7,665 sha256's on any given day. If it doesn't match a sha256 on file, that birthdate is not a person over 21.

    const validHashes: BirthdateHashSha256[] = seedHashesForToday();
    
    const isOver21 = hash => validHashes.includes(hash);