Collaborate Disseminate
To keep it short I’ve recently been learning about hashing and password hash cracking on TryHackMe.
I was tasked to crack the following hash: $2y$10$0veO/JSFh4389Lluc4Xya.dfy2MF.bZhz0jVMw.V.d3p12kBtZutm
When trying to crack with hashcat I … Continue reading For bcrypt why is JTR so much faster than hashcat?
So hello,
I made a .zip file which I saved all my photos and it been 3 years I don’t know the password but the password is encrypted hash.
Looks like this
Start:
bHQ4VNwAbe3bH3VoUfn+HLR4V
End:
alTrTagEhBhrpZXVPqr6jQ==
Its long as 152 b… Continue reading I forgot which encryption I use [closed]
I have an Android 11 device and many of my apps and system apps use MD5withRSA or SHA1withRSA as signature algorithm by default.
Why should I take my apps SHA256withRSA or SHA512withRSA? Are there any advantages, if so what are they? Are t… Continue reading Why should I go to SHA512withRSA signature for my Android apps?
I was practicing bruteforce attacks using John The Ripper. I want to crack a zip file. I obtained the hash and stored it in a zip file but when I attempt to crack the zip file it is giving me an error saying No password hashes loaded
Many IOT devices and routers manufacturers hardcode plaintext default passwords in their devices.
Why don’t they store the hashed password instead?
For what functionality do they need the plaintext password?
One problem with passwords is that if they can be broken as follows:
pick a random password
hash it
compare that hash to other known hashes
This way, you have broken the password. Then if you can access the hash of a password, you can re… Continue reading Why don’t companies just tie the password to the user name?
I am learning TLS handshake and find client/serve will negotiate a cihpersuite during client/server hello.
Usually, the last part of a ciphersuite is a hash algorithm, like SHA256 in ECDHE-ECDSA-AES128-SHA256. The second part of a ciphersu… Continue reading What is the relation between "signature_algorithms" handshake extension and TLS ciphersuite
I noticed that certain software does not provide hash anymore nowadays.
E.g.
Zoom
https://zoom.us/download
wolf@linux:~$ ls -lh zoom_amd64.deb
-rw-rw-r– 1 wolf wolf 44M Jan 1 00:00 zoom_amd64.deb
wolf@linux:~$
I’ve googled both md5… Continue reading How to verify integrity of software when the download provider doesn’t publish hashes?
When I generate an MD5 hash with a plain-text (password), I get:
$echo -n "password" | openssl dgst -md5 -binary | openssl enc -base64
X03MO1qnZdYdgyfeuILPmQ==
This works fine if I knew the plain-text, but I got an MD5 Hex stri… Continue reading MD5 Hex to Base64 String
I already know how to use password_verify and password_hash functions, but I don’t really understand how they work.
When I use them I do something like that:
$save_hash = password_hash( $password, PASSWORD_DEFAULT );
$check = password_veri… Continue reading How password_hash / password_verify can work with any arguments (PHP)