Collaborate Disseminate
Alice stated to Bob that X is her physical fingerprint.
Problem:
How to make Bob trust that X is really a physical fingerprint of Alice?
How to prevent Alice from creating multiple identities (let’s assume she has only one physical finger… Continue reading How does Bob trust that X is a physical fingerprint of Alice?
Alice stated to Bob that X is her physical fingerprint.
Problem:
How to make Bob trust that X is really a physical fingerprint of Alice?
How to prevent Alice from creating multiple identities (let’s assume she has only one physical finger… Continue reading How does Bob trust that X is a physical fingerprint of Alice?
From Australia’s Guidelines for Cryptography:
For most purposes, a hashing algorithm with an output size of 224 bits provides 112 bits of effective security strength, with larger output sizes providing more bits of effective security stre… Continue reading Does it make sense to disallow SHA-224 and SHA-256 to defend against quantum computers?
For websites that have nothing of value nor any personal data, that only have emails and hashed passwords, the only motivation for attackers (except those who just want to be locally disruptive) is to break passwords that people might reus… Continue reading Why are obsurantist approaches to improving password hashing security ineffective? [closed]
For websites that have nothing of value nor any personal data, that only have emails and hashed passwords, the only motivation for attackers (except those who just want to be locally disruptive) is to break passwords that people might reus… Continue reading Why are obsurantist approaches to improving password hashing security ineffective?
I have just started trying to learn to do some basic forensics tasks to try to find data hidden in a file. I am specifically trying to find hashes hidden within files, but I have been unsuccessful and I am not sure how best to proceed (I k… Continue reading Identifying hidden hashes in files [closed]
I am working on a web app and need to have access to a user’s salted hash email in middle-ware. The simplest way to do this, for me, would be a cookie. Since this is a salted sha256 hash, even if the cookie was stolen the hacker could not … Continue reading Can I store a salted hash (sha256) of an email in a user’s cookies? [migrated]
I was thinking of implementing this in software, starting with one password, with each new release being derived from that initial password.
(trying to find the name of this technique, I think it’s called a “hash chain”)
That way you can g… Continue reading Encryption password in program, to secure its centrally-stored settings?
According to my research, if you want to store passwords securely, you should use built-in hash functions that have been vetted by the professionals. Best practices recommend that you do not add a hard-coded pepper.
But why not?
Let’s say:… Continue reading Why do best practices recommend against adding your own pepper to passwords before hashing?
I am using graphql and my login function is resolved using a promise. The username is an email address.
The steps in the logic are the following: –
Validate CRSF token else return generic response ("Invalid username or password"… Continue reading Preventing authentication (login) timing attacks in a nodejs application