On https://jwt.io/ the signature for the default RS256 token starts with “POstGet”. Is that just a coincidence (looks like odds of one in 100 billion, assuming case isn’t important) or did someone brute force the algorithm (PoW style) until they got something meaningful like that?
2 Likes
Nice finding, I would say it’s a coincidence. At least I’m unaware of any intentional attempt to do that and the JWT payload is actually pretty standard for an example token so it must be a (happy) coincidence.
3 Likes
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.