Collaborate Disseminate
Context:
When the Twitch whole code repository was leaked, it created multiple discussions on social medias.
And one day I was on Reddit and said that the leak of the hashing algorithm and the salt would possibly put ALL of the website acc… Continue reading How bad would a Hash algorithm leak would be?
I have a file zip locked and I used zip2john.exe "file" > hash.txt since it contains videos and pictures it is big and hash is so long that I don’t know how to make it readable by hashcat. I know that these forum is not for ha… Continue reading zip2john hash to hash readable by hashcat
I have video files stacked in zip and I forgot the password.
I want to use hashcat, because john will take much longer, but the hash from hash zip2john isn’t compatible and I don’t know how to convert it
Hash from zip2john:
$zip2$*0*3*0*… Continue reading Converting zip2john output to hashcat
I have a microservice which sole purpose is to serve as a cache for other microservices. The point of the cache is to speed up processing, but the strong password hash algo counter that purpose. (Company policy require all service to be se… Continue reading Weak password hash + strong rate limiter = secure?
So if I got this right from my intense research, the following procedure would be preferrable:
Use the PBKDF2 key derivation function to derive a secret key from the users password on the client side.
Use the derived key, which was generat… Continue reading Algorithms when using client side hashing plus server side hashing
A while ago I wanted to deploy a service using a OCI (docker/podman) container, and I noticed to me, what seemed like a possibly distributing trend. In the build file for a lot of the containers, the password is put there in plain text in … Continue reading Passwords/password hashes in plaintext in service configs – why is this common practice?
I am trying to follow the example of how a hash length extension attack works using the article here: https://www.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks
In this, the author has a concrete exa… Continue reading Trouble understanding hash_extension tool examples for hash length extension attack (C#)
Can somebody explain simply why crypt of a password with a salt (the hash result) is equal to crypt of the password with the hash result itself ?
Surely there is a simple mathematical explanation. I asked Bing AI Chat and she said :
How do I indicate that a specific document or transaction associated with a particular signature should no longer be considered valid?
I’m talking of recalling a signed document, not revoking the private key, because with the private key I… Continue reading Revoking a digital signature at the cryptographic level
Is there anything that works like the opposite of a hash algorithm?
Today we know many hash algorithms, which take an input, perform some math on it, and output a value which is different than the input and can’t be used to determine the i… Continue reading Hash function the other way around [closed]