Collaborate Disseminate
I was thinking of implementing the following scheme for encryption of many independent files:
From the password, which is given by the user, generate a master key using for example HMAC-SHA.
From this master key, a subkey is derived for e… Continue reading Does using subkeys provide better protection in this instance?
I am trying to figure out how to build a secure, playback-proof, web authentication scheme and at the same time be able to use a KEK at the server.
After a lot of reading it seems that a reasonable way to validate the password between the … Continue reading Web authentication, replay, nonce and KEK
Suppose I have an application, which when opened asks you to open a file and then "unlock" that file using a password that’s configurable by the user.
The file should be encrypted with something like AES-256, right? The key woul… Continue reading Securing data stored on a file
Is it possible to reverse a password hashed with bcrypt?
Continue reading Is it possible to reverse a hashed password? [duplicate]
I was reading this article which talks about a design to shorten URLs, and in the design section, it says that the given URL can be hashed using a hashing algorithm such as MD5, and then be encoded for display purposes using base64 or simi… Continue reading Why would one need to encode an MD5 hash string? Is it unsafe to display unencoded?
I’ve got a task from my professor and unfortunately I’m really confused.
The task:
Find a string D1 for which hash(D1) contains 4 first bytes equal 0.
So it should look like "0000….."
As I know we cannot just decrypt a hash, an… Continue reading Find a string for which hash() starts with 0000 [migrated]
I know there are various questions that seem similar, for instance, this one. However, it does not answer my question.
I’m creating a signup/login system (with node.js to be particular), and I’m trying to hash the user’s password (with bcr… Continue reading How can I use a unique salt for each user
I am discovering both Freeradius and the password hashing mechanism. I built a database (in MySQL) to store the passwords of some users. I have a user with the password in clear text, another one hashed in SHA256 without salt and the last … Continue reading How can Freeradius detect if the password provided is right when only the salted hash is stored in the database without the salt
I am generating random OTP-style strings that serve as a short-term identifier to link two otherwise unrelated systems (which have authentication at each end). These need to be read and re-entered by users, so in order to reduce the error … Continue reading Picking a check digit algorithm
We use multiple kinds of token in our system for :
Invitation to joint a group
Account creation (validate if the user possesses the email address)
Validate email address
The tokens are sent in a link in an email. I have been asked to inc… Continue reading Display a token’s expiration date to a user