Collaborate Disseminate
I have a formula to create a password hash as written below.
// EncodePassword encodes a password using PBKDF2.
func EncodePassword(password string, salt string) (string, error) {
newPasswd := pbkdf2.Key([]byte(password), []byte(salt),… Continue reading How can I brute-force a password hash if I know the formula? [closed]
I was burning an iso file into the sd card with pi imager and I doubled checked the hash before the burning and after and I got different results
sha256sum kali-linux-2022.4-raspberry-pi-arm64.img.xz
fba37da4901558479de64fd886937e3d4653e9a… Continue reading The hash of kali-linux-2022.4-raspberry-pi-arm64.img.xz changed after burning it into an sd card
I’d like to hash email addresses with the same salt to make the hash searchable\indexable and make it hard to figure out the actual data. I wanted to use bcrypt, but I found that from PHP 7 custom salt is not supported by the password_hash… Continue reading PHP 7+ custom salt hashing algorithm [closed]
I’d like to hash email addresses with the same salt to make the hash searchable\indexable and make it hard to figure out the actual data. I wanted to use bcrypt, but I found that from PHP 7 custom salt is not supported by the password_hash… Continue reading PHP 7+ custom salt hashing algorithm [closed]
I’d like to hash email addresses with the same salt to make the hash searchable\indexable and make it hard to figure out the actual data. I wanted to use bcrypt, but I found that from PHP 7 custom salt is not supported by the password_hash… Continue reading PHP 7+ custom salt hashing algorithm [closed]
I would like to map strings of arbitrary length to hashes of 10 character length.
The length of the alphabet is of 64 characters (0-9, A-Z, a-z, _, -).
Obviously 2 same strings must produce the same hash.
I have the following doubts:
I would like to map strings of arbitrary length to hashes of 10 character length.
The length of the alphabet is of 64 characters (0-9, A-Z, a-z, _, -).
Obviously 2 same strings must produce the same hash.
I have the following doubts:
One of the banks uses this method of incomplete password validation – where you are only required to enter some random characters of the password – as shown here
It got me thinking:
how do they do this safely? are there any algorithms fo… Continue reading Password hashing and validation with only some subset of characters [duplicate]
I am new to type juggling attacks in PHP, and only just encountered a magic hash exploit in a war game recently.
Could someone explain why the below PHP code evaluates to true?
I understand that the ‘e’ letter for exponent causes PHP to th… Continue reading Type juggling in PHP [migrated]
I am working on the following war game from Defend The Web, which requires me to do a source code review to login as the user memtash. The code is on GitLab here.
Here is my methodology:
Reset the password for user memtash which causes me… Continue reading Crashing the sha1() function in PHP?