On https://jwt.io/ the signature for the default RS256 token starts with “POstGet”. Is that just a coincidence (looks like odds of one in 100 billion, assuming case isn’t important) or did someone brute force the algorithm (PoW style) until they got something meaningful like that?
Nice finding, I would say it’s a coincidence. At least I’m unaware of any intentional attempt to do that and the JWT payload is actually pretty standard for an example token so it must be a (happy) coincidence.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.