Collaborate Disseminate
I have to deal with a place that has some terrible security practices. For example, this place gives people passwords (eg. domain logon on Windows, but paired with their name as the username) that is also used for identification purposes (… Continue reading Store a password as an identifier (as safely as possible)… since there is no other choice
Supposing a user of my system has set their password to Password123
At the login screen, what would be the security implications of me accepting:
Password123 or
Password1234 or
Password123ABC
Based on the fact they all start with the passw… Continue reading Is it sensible to accept a password + any other random characters for successful authentication?
I am trying to achieve better security in my authentication system implementation with both server-side hashing and client-side hashing. (See the first reference below for more prerequisite knowledge.)
As I understand it:
I am using SHA256 to create a hash. Output is captured as a text string (thus "A245B6FF") and that is what has been used to create the digital signature. Since the hash could have been captured as binary and the binary represen… Continue reading Binary versus ASCII representation of a hash – which is more secure
after 68 days, the speed drops every time ,what is the reason for this?
Continue reading John the Ripper the speed drops every time [closed]
When the client is logging in, I send an xhr request to the server. However the request looks like this:
localhost:80/api/login-ajax/&username=johndoe&password=123456
This is insecure for obvious reasons. To secure this, I did the … Continue reading Secure ajax login form
I thought of an approach to password generation that I haven’t heard of anyone else using. It almost seems too good to be true so I wonder what the downsides are. I’m well aware that you shouldn’t "roll your own" and that even if… Continue reading Does hashing syslog (or similar) make for good passwords?
Does there exist any hashing algorithms suitable for comparing data that is similar but not exact matches?
For example one where similar input data generates a similar hash, with the difference in the hashes being proportional to the diffe… Continue reading Does there exist any hashing algorithms suitable for comparing data that is similar but not exact matches?
Can we find out the encryption method used if we know what is encrypted inside? Let’s assume there are around 7-digits 22 or 26 codes (passwords ie just decimals) encrypted to 832 characters hexadecimal. Especially, If we know some of thos… Continue reading Is it possible to find out the encryption algorithm used from hexadecimal hash? [duplicate]
I read about Recommended # of iterations when using PBKDF2-SHA256?
I have also read in Why not just use a small but unusual number of hashing rounds? that when there are multiple password to protect, the moment one is cracked the hacker wi… Continue reading Does using a random number of iterations for PKBDF2-SHA256 help if I only have to protect one key used to encrypt a password protecteded file?