Collaborate Disseminate
At $work we need to store a sensitive attribute of a user (say SSN – so, short and with a small keyspace) and look up the user based on this attribute when data is submitted into our system. We cannot use off-the-shelf bcrypt/scrypt/etc. b… Continue reading How can I securely store a sensitive user attribute used for account lookup?
Trying to crack a hash that’s 8 numeric characters. But am confused on how to create the wordlist for the program to try all the passwords containing only numbers. Can anyone point me in right direction?
My application requires users to connect via different protocol that each have different auth flows and hash requirements, in particular Argon2 and SHA-256 (for SCRAM-SHA-256).
To allow both types of authentication at the same time I would… Continue reading Storing multiple hashes of the same password
I’m writing my own networking layer for my video games startup and am using TCP for connection/authentication. I wanted to know how safe my authentication scheme was and what I could do to improve it.
Our apps aren’t web, and they run most… Continue reading What’s wrong with my app authentication scheme?
Hacking — at least the kind where you’re breaking into stuff — is very much a learn-by-doing skill. There’s simply no substitute for getting your hands dirty and just trying …read more Continue reading Hacking an IoT Camera Reveals Hard-Coded Root Password
I am currently developing a web application where I need to ensure that retrieved data (stored in database) have been generated by one or multiple (in the case of clustered applications) application. The idea would be to store a hash of th… Continue reading Authenticate web application generated data
Content removed because this was spam
May I have some guidance for a project I am working on?
These are the requirements:
A Dataset needs to be submitted in a .csv format, delimited by ‘|’
The Dataset needs to be submitted periodically (once per month)
There are ID columns in… Continue reading Assure Deterministic Hashing/Encryption Process can be Replicated if Rebuilt
A common principle in InfoSec is Defence-In-Depth.
When encrypting sensitive data, it might make sense to have the data encrypted a few times.
Veracrypt does this for example with the AES-Twofish-Serpent algorithm
A good practice is to sto… Continue reading Multiple Layers of Hashing when storing passwords [duplicate]
I’m currently designing a user authentication system for a web application, and I am considering best practices for storing user login information. While it’s common to hash and salt passwords (with bcrypt/argon2) to protect against data b… Continue reading Should mail addresses for logins be stored hashed to minimize impact of data loss?