Collaborate Disseminate
Being interested in security, hashing in particular, I thought of a strategy that could either help or compromise password security.
The main way to ‘break’ hashes is to brute force them.
So, while sometimes it is hard to tell, most of the… Continue reading Is this idea for secure password storage a good one?
I’m working on making an end-to-end encrypted app that will store sensitive mental health information. The goal is to make it completely impossible for someone with access to the server to see the users raw data. The server acts only as a … Continue reading Is it safe to derive the salt from the users email/phone number when pre-hashing a password to be sent to a server?
Background:
We have an application with password authentication. We now need to raise the number of PBKDF2-iterations and this means that the login takes quite a bit longer than before. Therefore, instead of a spinning wheel animation, we … Continue reading How to track PBKDF2 progress?
Ok- so you all probably know that a hash is used to help secure a stored password in a database, if it was stolen.
When a user logs in, and enters a password, it gets hashed, and then matched to a hash in the name of the user that tried to… Continue reading How do databases/companies change their hashing algorithm? [duplicate]
The Task is kind of a CTF task that I was given and I have no idea how to do this.
I had to crack a password on a zipfile and then crack the 3 hashes in the txt file within the zip file. I cracked the zip fine and I used ophcrack on the tx… Continue reading Is there anyway to crack this salted Hash? [closed]
I’m trying to learn how to unlock locked zipfiles. And every hash I try keeps being "unknown". I’ve tried HashID and online programs but they all return unknown.
Hash:
testing.zip/testing.txt:$zip2$*0*3*0*fe981abbfdd3fa778be4a005… Continue reading Unknown Hash ID [closed]
Referencing this document, they give justifications for a number of their recommendations, but not any behind only going with 1 degree of parallelism for using Argon2id. Is there a reason why this is recommended that is unmentioned there?
… Continue reading Why does OWASP recommend only 1 degree of parallelism for Argon2id
Hypothetically, would it be safe to encrypt company text only files with the less secure MD5 hash, if the files are all stored locally on local servers with their own security measures?
Continue reading Is it safe to encrypt company text files with MD5 hash?
How could one verify the integrity of all binaries of packages installed manually via installers and dpkg on Debian/Linux?
So far the only thing I could think of is this:
verify that which veracrypt returns /usr/bin/veracrypt
So I was reading through an article about how passwords are salted and hashed through a cryptographic function here, and found out that hashed passwords, along with the plaintext salt values are stored in the database.
Now, I was wondering… Continue reading Question about storing salt values and hashed passwords in the database [duplicate]