How many hash algorithms are there in total? [closed]
How many different hash algorithms are there in total?
Continue reading How many hash algorithms are there in total? [closed]
Category Archives: hash
Why we need complicate truncation for the OTP?
If we assume that Time based OTP generates the OTP using the hash function like SHA-3. Then, the generated OTP would Hash(Secret, Shared time).
We want a shortened string rather than a full hash string, so truncation is needed.
But that ha… Continue reading Why we need complicate truncation for the OTP?
AES Encryption vs hash function with the strong assumption of input size and secure key?
There are plenty of questions about the difference between AES encryption and hash functions.
I read some of them and the general answer is that
AES is reversible as long as the key is exposed.
AES has fixed input size and hash does not.
… Continue reading AES Encryption vs hash function with the strong assumption of input size and secure key?
HMAC SHA256 by using a static key + text as a key
Maybe it’s not a good idea, but I would like to check it with you.
When using HMAC SHA to hash a clear text value (string max 30 char) I need to use a key (256) but in my scenario this key is static and always the same each time I need to … Continue reading HMAC SHA256 by using a static key + text as a key
Can I find the private key on an old Android Wallet’s source code?
I recently found an old wallet from my younger self with God-knows what kind of embarrassing data on it. I only found the back up files on a cloud service and did some digging as to what it was when finally found out that it was Pocket for… Continue reading Can I find the private key on an old Android Wallet’s source code?
Is this code vulnerable to "Client DOM Code Injection". Checkmarx scan is saying yes, but I don’t see how [closed]
Apologies if this is a basic question.
I’m trying to understand why checkmarx scan thinks the below code is vulnerable to "Client DOM Code Injection". It says
The application’s function method receives and dynamically executes
u… Continue reading Is this code vulnerable to "Client DOM Code Injection". Checkmarx scan is saying yes, but I don’t see how [closed]
Are hashed passwords transferred to a server for user authentication? [duplicate]
A question I came up with while reading in my information security class. Let’s say website ABC which uses username and password combinations to authenticate users and has a user John. When John goes to ABC.com to log in to his account and… Continue reading Are hashed passwords transferred to a server for user authentication? [duplicate]
Verify password before decrypting data
I need to verify a password before decrypting the data. My encrypted data is too big and waiting to see if the authentication tag is correct is out of the question. I’m using Argon2id as my KDF. My question is, can I hash the derived key w… Continue reading Verify password before decrypting data
For common hashes, are their collision risks similar when considering only the first N bytes?
Question in short:
If I consider just the first 16 bytes of SHA-1 and SHA-256 hashes, do they have substantially the same collision risk?
Background:
I have an application where I need a 16-byte (exactly) hash of a short string (a few byte… Continue reading For common hashes, are their collision risks similar when considering only the first N bytes?
With password cracking, what is the fastest known password cracking rig in hashes per second?
To properly assess password strength, I have been trying to research what the fastest known password cracking rig is in hashes per second.
HashCat claims that their software is the world’s fastest, and the current version is v6.2.5. I also… Continue reading With password cracking, what is the fastest known password cracking rig in hashes per second?