Collaborate Disseminate
How does John The Ripper work when trying to crack passphrase of a private ssh key? What steps are involved when it tries to do so? What’s the role of ssh2john in the whole process?
Continue reading How does john the ripper crack ssh private key passphrases?
I’m trying to understand how the hash length extension might work on real web applications using a hash for MAC.
Especially what I don’t get is, how the application considers the evil forged hash valid.
Let’s say we have an app which sends… Continue reading Fail to understand how hash length extension might work in real application
I’m trying to crack a MySQL323 hash and I’m unable to get it done.
I was able to confirm tye hash type:
I came across https://www.tobtu.com/mysql323.php.
I can run it as "mysql323 32.exe" [number of threads] [hash] [keyspace-fil… Continue reading crack MySQL323 hash
You have a 2048 bit private key. You generate an IV for the message you are going to encrypt. Next, you take the first block of plaintext and SHA256(IV + 2048 bit key). You use that hash as a key to encrypt the first block of plaintext … Continue reading An attempt at using AES as a stream cipher
I have no cyber security knowledge whatsoever, and am trying to safely store passwords in a database. I understood I need to use salt, to avoid rainbow table attacks and to make sure two users with the same password will have different pas… Continue reading Does complexity of salt in password hashing matter?
I recently found out that a VPN service does not hash their customer passwords and I need professional insight on how to deal with this.
Here’s how I found out:
Bought a subscription on the wrong email address.
Changed the password for th… Continue reading Found out that a paid VPN service emails plaintext passwords [duplicate]
Within my API backend i have a unique KeySalt for every API Key
public string Key { get; set; }
public byte[] KeySalt { get; set; }
public string KeyHash { get; set; }
When the user creates a new API key, I present the generated Key onl… Continue reading What is the point of hashing an API key?
I’ve relied on Standford PwdHash for years to hash my passwords. It has never failed me until today. But if this doesn’t get fixed I may have to do a lot of password resets. So I hope this is a temporary problem.
Today I went to https://ww… Continue reading Did Stanford PwdHash get taken down?
I’d like to have a table of executables that are allowed to be run on the machine with everything else not getting executed even when the executable flag is set. For instance via a config file like this:
| command | location … Continue reading Is there a way to specify in a table which executables (via locations & hashes) are allowed to run on Debian? [migrated]
To help ensure authenticity of packages some projects on GitHub and on GitLab add hashsums to the descriptions of the release on the Releases page.
Sometimes, at least here, the hashsum are made part of the release’s filename. Sometimes, a… Continue reading How can the authenticity of releases on GitHub and GitLab be ensured? Can their hashsums change?