

Chroma-Hash, Revisited - nkurz
http://mattt.me/2009/11/chroma-hash-revisited/

======
RiderOfGiraffes
Mentioned many times, some discussion:

<http://searchyc.com/chroma+hash?sort=by_date>

~~~
nkurz
Perhaps, although I think I've linked to a different article than the one that
shows up in the search results. This one is the author's response to the
criticisms. The 'Revisited' is part of his title, not mine.

My thought upon reading the original articles was that this was a really silly
idea, and that a 'checkmark' that appears if the two match would be much more
useful.

But his Case #2 was interesting. He suggests that it can serve as an "Anti-
Phishing Mechanism":

 _Similar to the account-specific images that online banking systems recently
added, your password becomes a visual signature that you can look for.
Websites can securely serve unique color signatures by issuing a hash salt
through a browser cookie, for instance.

Let’s say you go to a site that you think is PayPal. If you start to type your
password and you’re getting unfamiliar colors (or no colors show up at all,
for that matter), you’ll know something’s fishy._

Maybe?

~~~
RiderOfGiraffes
> Perhaps, although I think I've linked to a different article than the one
> that shows up in the search results.

Indeed. I put the search in to point out that the idea and technique has been
mentioned before, and there is discussion elsewhere. The idea is to try to
avoid repeating points and discussion needlessly.

I wish HN had a "merge discussion" facility, although I have no idea how that
would work.

