Collaborate Disseminate
Sometimes there’s no tar release for some repo in github, and the download as zip button only generates a random zip with random hash. So, in my Dockerfile, I want to clone a repo but be able to check against some hash to prevent tampering… Continue reading Can I trust a hash commit for integrity of the entire repository?
Hashcat uses Markov chains by default when using brute force mode. Do they really speed up the cracking since a randomly generated password normally has the same probability for every combination?
I am having trouble to understand how a TLS certificate is authenticated.
From what I read, a server’s leaf certificate contains:
Server domain name
Server public key
Issuer (CA) domain name
Issuer (CA) signature of this certificate
How … Continue reading How is a TLS certificate authenticated, down to a code level? [duplicate]
I am not sure if this makes sense. But hashes essentially:
H(data) -> random
Where even small changes of data produce a completely random output.
I want a hash function that if the input data only changes a "small amount" then… Continue reading Is there a "really bad" hashing function that given small changes in the input the hash also changes small or not at all?
My webapp takes in email addresses as user names at registration, verifies ownership by sending emails with confirmation links, etc.
I’m now looking for a secure design of a user deletion feature, such that despite the account being delete… Continue reading Design for deleting users accounts, yet knowing when they register again
What is a good wordlist for German WiFi passwords?
Continue reading What’s a good wordlist for German WiFi passwords? [closed]
I was creating self-signed certificate with OpenSSL and had to choose encryption and hash algorithm.
Are those algorithms used for encryption between client and a server?
If not, then what are these algorithms for?
Continue reading Certificate encryption and hash algorithm [duplicate]
When a Windows .exe installer is code-signed, I thought that modifying a single byte (thus changing its SHA256 hash) would make the digital signature invalid, but surprisingly, this is not true.
Indeed, as reported two days ago in Each Fir… Continue reading How can a .exe be modified and still keep a valid digital signature?
In a nutshell, I need:
to hash a file and to make this hash public, to be able to prove data integrity when sharing the data privately with a trusted third party.
to choose the right hashing method to prevent plausible brute force attacks… Continue reading How to securely hash sensitive data and make the hash public, while preventing an attack by someone who know the structure or some part of the data?
When a user changes password, I’d like to implement a simple check that prevents them from reusing the same password. If the new password matches the old password, reject with an error.
Sounds easy, but at the same time I’m aware that hash… Continue reading Hash collisions in password history