Collaborate Disseminate
I’m trying to build a list of configuration files that store secrets in Linux. By secrets I mean files that contains passwords, database string connection, hashes etc. The most notable example is, of course, /etc/shadow. /etc/pki/* is also… Continue reading Which config files in a linux install contain passwords or other secrets?
I would like to hash user password with Argon2id, then use this hash as ECDSA private key. I made some tests with Python and passlib.hash and found following parameters:
memory: 32 MB
iterations: 100
hash length: 32 bytes (the same as ECD… Continue reading How to assess security of Argon2 parameters [duplicate]
My users (researchers) will be storing where their website is on a mysql database on my server.
Ideally I want to hash the locations so that when the researchers’ participants submit their data to my server, I can confirm whether the websi… Continue reading one-way hash with PhP onto MySQL database (NOT for password)
When downloading files (mainly software/installers) from pages in browsers, sometimes it comes also with a cryptographic hash or a signature to verify the authenticity of a file against data manipulation (example below).
Why there isn’t … Continue reading Why there is nothing that automatically checks signatures of files downloaded in browsers? [duplicate]
Note: I’ve already read Is it ok to send plain-text password over HTTPS? and https security – should password be hashed server-side or client-side?, but here it’s about a specific replacement method (see below).
After reading an article a… Continue reading Alternatives for sending plaintext password while login
How are secret keys shared between receiver and sender, especially when we want to have confidentiality that sender and receiver are using two keys, one for MAC algorithm and one for encryption and decryption?
How do they share these two k… Continue reading how message authentication code share keys?
Given 2 entities, A and B:
A has a public key( x ) and a private key( x* ).
B has a A’s public key hash( let’s call it h(x) ).
A has to prove ownership of x* to B.
How could this be achieved, considering the fact that B is not allowed to s… Continue reading Private key Proof of Ownership [closed]
I need to generate a MAC signature for data on a website, but it’s in a HTML templating system where there’s only a few functions available. The only hashing function available is md5. Ideally, I’d use a real hmac function, but since that’… Continue reading Is md5(data + key) secure if a proper hmac function isn’t available?
I wanted to try new sha3sum so I installed libdigest-sha3-perl on Debian 10. After reading man page I quickly realized that:
sha3sum –algorithm 256 test.txt
produces similar output to sha256sum and that
sha3sum –algorithm 512 test.txt
pr… Continue reading What do algorithms `128000` and `256000` do in `sha3sum`?
Given the following situation: we have sensitive information and want to give a user access to it. At this point the user might not have interacted with our system yet.
We generate a random code that we send to a user to grant him access t… Continue reading Appropriate length and slow, unsalted cryptographic hash function for random codes?