

Find out if your iphone UDID was compromised - afitnerd
http://udid.afitnerd.com/

======
dfc
_"The service checks to see if the hashed value exists and then lets you know
if your udid is among the ones compromised. Only hashed values are stored in
the service, not any of the raw udid values."_

So all the site owner has to do is hash the udids to know who you are?

~~~
afitnerd
The udids have already all been hashed. It is the hashed values only that are
stored on the site. The only piece of information sent to the site is a hashed
udid (the udid is hashed on the browser before any information is sent over
the wire).

~~~
dfc
I realize that. But all the site owner has to do is keep a list of the
UDID->hash mapping and then he can lookup the original UDID...

~~~
afitnerd
I think you may be missing the point. I already have all of the 1,000,001
original UDIDs posted by AntiSec. I don't need to go through all that hassle
you describe. I wrote the script that generated the hashes from the original
UDIDs.

The point is that in order to stop people from passing their UDIDs around the
net they way some other checking services have made them do, this service does
not have any of the original UDID's on local storage. Even if my site is
compromised, it will not further the spread of UDID information.

Of course, you do have to trust that what I am saying is the truth. Anyone can
choose NOT to submit their (hashed) UDID to my site.

~~~
dfc
I may be missing the point. I am not trying to be difficult, I promise. What
is the difference between me sending you my UDID and me sending you my hashed
UDID?

------
retrogradeorbit
If your UDID tests negative, you still could be compromised. The original FBI
file had 12 million. AntiSec released 1 million.

This linked testing site says 20 million, which is wrong, as far as I know.

~~~
afitnerd
Thanks for info. I've updated the information on the page.

