I am learning about JSON Web Tokens and I don't understand why they're so reliable. If the signature is a function of the payload, the header, an algorithm and a secret key, isn't there a risk that ill-intentioned individuals reverse engineer the secret key when they have all three other arguments? What makes it so difficult? This is a naive question but I haven't been able to find the explanation.
[Cryptographic hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) are [one-way functions](https://en.wikipedia.org/wiki/One-way_function) (as far as we know). It's not that it's impossible: rather, it would take an inordinately long amount of time to do so given our current knowledge and capabilities. – jsejcksn Nov 08 '22 at 09:20
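To make the signature function in the question concrete, here is an added example (not code from the question or the comment) of HS256 signing and verification using only the Python standard library. The helper names, the sample key and the sample payload are constructed for illustration; the verifier pins the algorithm and compares tags in constant time.

```python
import base64, hashlib, hmac, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, key: bytes) -> str:
    """Build header.payload.signature, where signature = HMAC-SHA256(key, header.payload)."""
    header_b64 = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body_b64 = b64url(json.dumps(payload).encode())
    signing_input = f"{header_b64}.{body_b64}"
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(tag)}"

def verify_hs256(token: str, key: bytes):
    """Return the payload dict if the tag matches, otherwise None."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm: never let the token choose how it is verified.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{body_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        return json.loads(b64url_decode(body_b64))
    except (ValueError, TypeError):
        return None

def with_modified_payload(token: str, new_payload: dict) -> str:
    """Replace the payload but keep the original signature (should fail to verify)."""
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{b64url(json.dumps(new_payload).encode())}.{sig_b64}"

# Constructed sample data: a 256-bit random key and a small claim set.
KEY = secrets.token_bytes(32)
TOKEN = sign_hs256({"sub": "alice", "admin": False}, KEY)
ALTERED = with_modified_payload(TOKEN, {"sub": "alice", "admin": True})

if __name__ == "__main__":
    print("original verifies:", verify_hs256(TOKEN, KEY))
    print("altered verifies: ", verify_hs256(ALTERED, KEY))
```

Anyone holding the token sees the header, the payload and the tag, but producing a valid tag for a different payload requires the key, and a key made of 32 random bytes is one of 2^256 possible values.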