Collaborate Disseminate
During a recent security audit, we found that a handful of accounts still have credentials identified as stored in LM hash format. For us, these were ancient service accounts and the like – easy enough to disable the credentials with group… Continue reading Discover AD accounts with LM Hashes
I want to know how to identify a cyphertext.
For example, let’s say I have the following ciphertext:
Encrypted link:
{"link":"MUHyGgXHcq3lDzU5IXUsHOJFUxsQMGEfqaZMpesb7lqfoRzaTp7NHCHYsqMV2IWJjVson+unNhBY0CPtAYvYd2aBHg7IO7KrIH… Continue reading How to identify encryption type [closed]
I curious about hashing, because normal hashing is static, it means that a string that gets hashed will always be the same (except for using salt). Because of that situation, there are many websites that are able to "crack" a has… Continue reading When will hashing no longer be useable?
I’m curious about hashing, because normal hashing is static, it means that a string that gets hashed will always be the same (except for using salt). Because of that situation, there are many websites that are able to "crack" a h… Continue reading When will hashing no longer be useable? [closed]
In Immersive Labs lab "Password Hashes II"
What is the plaintext password of ‘hash part 1’ in the shadow file?
shadow.txt contains:
part1:$6$WJ9Y7LHr$S3SdnPsXhCzHetPz0CL6TL7gZdeVK/8DZjWvWuKss7gh8CR1VHkwbJyBufg19.4igURrZ6KkZ1rpE… Continue reading What is the plaintext password of ‘hash part 1’ in the shadow file?
At my Company, we put a honeypot in our network and it raised us the Lansweeper SSH password used to connect to the scanned assets (and it is reusable over many boxes…).
So it is a way for an attacker to get sensitive passwords in a corp… Continue reading Is this Wikipedia article about SCRAM wrong?
The situation: Currently, we are sending out emails and SMS to our users, which include a link to a form that each user has to fill out on a regular basis (an "eDiary"). As we need to be able to authenticate and authorize the use… Continue reading What’s a "safe" URL shortening algorithm?
I had a discussion with a friend today about his password hash comparison. I argued that you can’t return false on the first hash mismatch you have and I sent him a link to an article about a Java timing attack that happened in Java 6.
pub… Continue reading Timing attacks in password hash comparisons
I want to prove that the source code I am using is the same as the open-sourced version, which is publicly available. My idea was to publish a hash of the open-sourced version and compare it to the hash of the deployed server at boot. Howe… Continue reading Cryptographically prove open sourced source code of server
I’m reading rfc5652, there are different references of the two algorithm identifiers.
For example in this ASN.1 structure :
https://tools.ietf.org/html/rfc5652#section-5.3
When using RSA for signing; isn’t the digest algorithm represents t… Continue reading What’s the difference between digest algorithm and signing algorithm? [migrated]