Collaborate Disseminate
I have just started trying to learn to do some basic forensics tasks to try to find data hidden in a file. I am specifically trying to find hashes hidden within files, but I have been unsuccessful and I am not sure how best to proceed (I k… Continue reading Identifying hidden hashes in files [closed]
I am working on a web app and need to have access to a user’s salted hash email in middle-ware. The simplest way to do this, for me, would be a cookie. Since this is a salted sha256 hash, even if the cookie was stolen the hacker could not … Continue reading Can I store a salted hash (sha256) of an email in a user’s cookies? [migrated]
I was thinking of implementing this in software, starting with one password, with each new release being derived from that initial password.
(trying to find the name of this technique, I think it’s called a “hash chain”)
That way you can g… Continue reading Encryption password in program, to secure its centrally-stored settings?
According to my research, if you want to store passwords securely, you should use built-in hash functions that have been vetted by the professionals. Best practices recommend that you do not add a hard-coded pepper.
But why not?
Let’s say:… Continue reading Why do best practices recommend against adding your own pepper to passwords before hashing?
I am using graphql and my login function is resolved using a promise. The username is an email address.
The steps in the logic are the following: –
Validate CRSF token else return generic response ("Invalid username or password"… Continue reading Preventing authentication (login) timing attacks in a nodejs application
I only store password hashes in the database and use them to verify the password entered by the user. As far as I know, reversing a hash is impractical. So even if I have the password hash, I can only compare it with other hashes, not calc… Continue reading Why is it a problem when password hashes are leaked?
I’m currently using PostgreSQL with the pgcrypto extension to store and verify user passwords. When a user logs in, I compare the entered password with the stored hash using the following query:
SELECT id FROM users
WHERE email = ‘example… Continue reading Is using `crypt` in PostgreSQL for password comparison secure against timing attacks?
There is a bug bounty website, I can download any file uploaded on it, including files of other users. However, I need to know the md5 hash of a file to download it.
The uploaded files can be any type: images, pdf, video, audio, doc, etc.
… Continue reading Can we reduce the search space for viable MD5 hashes?
There is a bug bounty website, I can download any file uploaded on it, including files of other users. However, I need to know the md5 hash of a file to download it.
The uploaded files can be any type: images, pdf, video, audio, doc, etc.
… Continue reading Can we reduce the search space for viable MD5 hashes?
I did find some information online stating that LM hashes were deactivated by default since Vista / Windows Server 2008.
But when were NT hashes introduced for the first time?
(Also, do we have a primary source for this?)
Continue reading When did Windows switch to NT hashes? [closed]