Collaborate Disseminate
I have a system where I’ve put strings into an encoded field. I can access the encoded strings through a SOAP interface that I’m using in a C# application. In the system itself I can access the plain text string. It would be … Continue reading Reverse encoded strings
Kalyna is a block cipher that became a Ukrainian national standard in 2015. It supports block and key sizes of 128, 256, and 512 bits. Its structure looks like AES but optimized for 64-bit CPUs, and it has a complicated key schedule. Rounds range from 10-18, depending on block and key sizes. There is some mention of cryptanalysis on reduced-round… Continue reading Kalyna Block Cipher
I have used ssh-keygen for creating an RSA 4096-bit SSH private and public key pair. I used a passphrase for the private key.
If an attacker, Eve, knows the passphrase in addition to the public key:
Can they derive the private key? – I pr… Continue reading SSH – If Eve has the passphrase and public key, can she derive the private key?
I am utterly confused about this. I understand why you would want to minimize redundancy if you’re using a substitution cipher, but why is this necessary when using a stream cipher such as RC4? Since the attacker does not h… Continue reading Why is it necessary to minimize redundancy in the ciphertext of a stream cipher?
I am utterly confused about this. I understand why you would want to minimize redundancy if you’re using a substitution cipher, but why is this necessary when using a stream cipher such as RC4? Since the attacker does not h… Continue reading Why is it necessary to minimize redundancy in the ciphertext of a stream cipher?
This question is a duplicate, however I feel that it’s necessary given the question. The original was posted in 2012: about 5 years ago before NIST had even published the final specification.
The question is more or less the… Continue reading Should we be using SHA3? (2017)
This question is a duplicate, however I feel that it’s necessary given the question. The original was posted in 2012: about 5 years ago before NIST had even published the final specification.
The question is more or less the… Continue reading Should we be using SHA3? (2017)
Passwords are not generally held by websites, instead, they hold hashes of your passwords.
When there’s a breach, these hashes are stolen and they are matched against rainbow tables of pre generated password hashes.
Is it fair to say that … Continue reading Are stronger passwords safe in case of a breach?
Passwords are not generally held by websites, instead, they hold hashes of your passwords.
When there’s a breach, these hashes are stolen and they are matched against rainbow tables of pre generated password hashes.
Is it fair to say that if your password is a genuinely secure password, like xy%5-xthrs32£ that you are still safe. Far far safer than someone with a password like Princess123 or my favourite LetMeIn.
I know the answer is that in the event of a breach, you should always change your password, I’m just trying to understand the security aspect. So, when talking to to someone with a genuinely random password – eg one generated by a good password manager – is it fair to say you are probably safe?
Continue reading Are stronger passwords safe in case of a breach?
The first collision in the SHA-1 hash function has been found. This is not a surprise. We’ve all expected this for over a decade, watching computing power increase. This is why NIST standardized SHA-3 in 2012. EDITED TO ADD (2/24): Website for the collision. (Yes, this brute-force example has its own website.)… Continue reading SHA-1 Collision Found