Collaborate Disseminate
This is a slightly tough one to explain with my current experience, lacking mainstream terminology. But here goes.
I have an encryption/security model whereby I do not store users plaintext passwords. It’s pretty simple actually:
1 – on si… Continue reading How can a users plaintext password be acquired while using biometricID with the following security model?
When somebody wants to find out a password by using its hash, he can use for example John the Ripper.
Then he runs the application for days or weeks or years, hoping to somewhen guess the right result.
All the negatives (not working attemp… Continue reading Why can we not store all hash results in a database and look them up?
I’m trying to grasp which benefit can KDF like PBKDF2, scrypt and bcrypt (I know that bcrypt is technically not KDF) may bring over hashing in loop like sha256sum(sha256sum(sha256sum…..(salt + master password))) – N times, where N equals… Continue reading KDF vs hash function in loop for hashing password
I’m looking for the name of a concept that works as follows:
I post a hash of a file publically e.g. on Twitter
Whenever needed, I provide the file with the contents that make up the given hash
The purpose is maybe to proof ownership or … Continue reading What is the name of this concept involving hashes?
Suppose I have a resource that I want to be accessible only using a specific link. I could generate a link using a 256 bit random identifier, e.g. https://example.com/aMXtSQufIxntoMSnTQGdgMfs84VzM-ae7gog1hoqojS—then only the user in posses… Continue reading Random identifier vs identifier plus HMAC
I was trying to use the following format with John:
john –format=dynamic=’crc32($p.$s)’ –wordlist=/usr/share/wordlists/rockyou.txt hash.txt
"Error: dynamic hash must start with md4/md5/sha1 and NOT a *_raw version. This expression … Continue reading John The Ripper: dynamic format with CRC32 and Salt
What kind of security do you suggest for this case?
What do you think is the security flow?
It is happening in a web which download a PDF document, inside the document has a QR code. This QR code has a URL to the same web page, but display… Continue reading What kind of security is it? Base64/MD5. Key with 22 characters and 32 characters
I plan to use it locally on mobile devices. These seems to do not offer computational power as good as on a server.
So what could be a secure argon2id parameters that run around 1s since offline apps should also be friendly too?
I have a black-box token generation system from a Unity (Android) app, and the format is as follows (with one real example from the system, and unlabelled parts were identical for bunch of different tokens; "…" means the string… Continue reading Crack HMAC-SHA512 to find plaintext with the known secret key
Picture a state of the art implementation of a website registration and login system.
I’m interested in analyzing what a defender gains and loses by feeding the user password to a key-stretching KDF function (e.g. argon2).
Let’s start from… Continue reading On the gains and losses of an additional client side stretching of the user password