Collaborate Disseminate
I recently found out that a VPN service does not hash their customer passwords and I need professional insight on how to deal with this.
Here’s how I found out:
Bought a subscription on the wrong email address.
Changed the password for th… Continue reading Found out that a paid VPN service emails plaintext passwords [duplicate]
Within my API backend i have a unique KeySalt for every API Key
public string Key { get; set; }
public byte[] KeySalt { get; set; }
public string KeyHash { get; set; }
When the user creates a new API key, I present the generated Key onl… Continue reading What is the point of hashing an API key?
I’ve relied on Standford PwdHash for years to hash my passwords. It has never failed me until today. But if this doesn’t get fixed I may have to do a lot of password resets. So I hope this is a temporary problem.
Today I went to https://ww… Continue reading Did Stanford PwdHash get taken down?
I’d like to have a table of executables that are allowed to be run on the machine with everything else not getting executed even when the executable flag is set. For instance via a config file like this:
| command | location … Continue reading Is there a way to specify in a table which executables (via locations & hashes) are allowed to run on Debian? [migrated]
To help ensure authenticity of packages some projects on GitHub and on GitLab add hashsums to the descriptions of the release on the Releases page.
Sometimes, at least here, the hashsum are made part of the release’s filename. Sometimes, a… Continue reading How can the authenticity of releases on GitHub and GitLab be ensured? Can their hashsums change?
I have a use case where I need to build a unique identifier for my users with the email address and the "family member number". However, the two personal informations used to build the identifier must be hidden. I thought using a… Continue reading Bijective function with unknown reciprocal function [migrated]
We’ve recently had a penetration test for one of our applications.
The Penetration Testing company identified that our application lacks protections against brute-force attacks on the login page.
Ref: https://owasp.org/www-community/contro… Continue reading Is using PBKDF2 good protection against brute-force attacks on web application login pages?
I have an API that is handling a lot of volume and is using Basic authorization. This is causing me some performance issues and I’d like to move to token based auth but for various reasons, including problems forcing integrated parties to … Continue reading Is caching the credentials hash and auth result secure?
I read that when salting passwords, it is advised to use a h(pwd||salt) construction instead of h(salt||pwd), the latter being vulnerable to a length extension attack.
What are possible scenarios in which being able to extend a salted pass… Continue reading Password salting vs. length extension attacks
Guys i really need help i just want to know how to hack an instagram account
PS:i can’t promise you that i give you money
Thanks for anyone will help appreciate it