Collaborate Disseminate
We regularly use 10000 iterations of SHA256 for hashing passwords.
If we want to have similar security, how many rounds/work factor should we use when hashing passwords with bcrypt?
Continue reading How many rounds of Bcrypt to use for security equivalent to SHA256?
Is it possible to reverse a password hashed with bcrypt?
Continue reading Is it possible to reverse a hashed password? [duplicate]
Due to several customer reasons our product needs to support Basic Auth as primary authentication mechanism with client’s service account.
We are using Bcrypt to store customer’s password in our DB, however Bcrypt (combined with Basic Auth… Continue reading Best secure approach with Basic Auth
I know there are various questions that seem similar, for instance, this one. However, it does not answer my question.
I’m creating a signup/login system (with node.js to be particular), and I’m trying to hash the user’s password (with bcr… Continue reading How can I use a unique salt for each user
In this report on the recent ParkMobile breach, the article has this comment from the company:
“You are correct that bcrypt hashed and salted passwords were obtained,” Perkins said when asked about the screenshot in the database sales thr… Continue reading How can salted passwords work if you don’t "keep the salts in the system"?
An attacker want’s access to a specific account, he doesn’t know the password.
It’s a high entropy password. +128bits
The attacker has the hash for the password (Assuming OWASP suggested bcrypt with cost 12)
The attacker has a list with n… Continue reading Having a list of hashes for the same password compromise the security of the password?
Considering:
A VERY motivated attacker,
A large entropy password, as in 256bits¹ hashed in bcrypt (with recommended cost factor of 12), and
Attacker knowledge of everything he might need (except the password): hash, salt, cost, etc [AFAIK… Continue reading Are bcrypt hashes safe enough if exposed?
I am trying to Use AES to store passwords for a password manager. For authentication I am already using bcrypt. As AES uses 256 bit Key can I use SHA256 to generate 256 bit key from hashed value of bcrypt(Not talking about hash saved in Db… Continue reading Is using SHA256 to create 256bit secret key from bcrypt good ok?
I have a ton of encrypted or hashed texts and their decrypted or de-hashed forms(I don’t know which term is suitable in this case, if you can teach it as well, I really appreciate) via bcrypt. The thing I want to learn for the educational … Continue reading How is the bcrypt algorithm decrypted?
I was wondering if it’s possible to implement more secure KDF like bcrypt, scrypt, pbkdf2 and argon2id in PAM authentication.
Ideally I would like to have their hashes instead of SHA-512 ones directly in /etc/shadow, but we all know what U… Continue reading Is it possible to use Argon2id hashes with PAM?