Collaborate Disseminate
I read that when salting passwords, it is advised to use a h(pwd||salt) construction instead of h(salt||pwd), the latter being vulnerable to a length extension attack.
What are possible scenarios in which being able to extend a salted pass… Continue reading Password salting vs. length extension attacks
Guys i really need help i just want to know how to hack an instagram account
PS:i can’t promise you that i give you money
Thanks for anyone will help appreciate it
During a recent security audit, we found that a handful of accounts still have credentials identified as stored in LM hash format. For us, these were ancient service accounts and the like – easy enough to disable the credentials with group… Continue reading Discover AD accounts with LM Hashes
I want to know how to identify a cyphertext.
For example, let’s say I have the following ciphertext:
Encrypted link:
{"link":"MUHyGgXHcq3lDzU5IXUsHOJFUxsQMGEfqaZMpesb7lqfoRzaTp7NHCHYsqMV2IWJjVson+unNhBY0CPtAYvYd2aBHg7IO7KrIH… Continue reading How to identify encryption type [closed]
I curious about hashing, because normal hashing is static, it means that a string that gets hashed will always be the same (except for using salt). Because of that situation, there are many websites that are able to "crack" a has… Continue reading When will hashing no longer be useable?
I’m curious about hashing, because normal hashing is static, it means that a string that gets hashed will always be the same (except for using salt). Because of that situation, there are many websites that are able to "crack" a h… Continue reading When will hashing no longer be useable? [closed]
In Immersive Labs lab "Password Hashes II"
What is the plaintext password of ‘hash part 1’ in the shadow file?
shadow.txt contains:
part1:$6$WJ9Y7LHr$S3SdnPsXhCzHetPz0CL6TL7gZdeVK/8DZjWvWuKss7gh8CR1VHkwbJyBufg19.4igURrZ6KkZ1rpE… Continue reading What is the plaintext password of ‘hash part 1’ in the shadow file?
At my Company, we put a honeypot in our network and it raised us the Lansweeper SSH password used to connect to the scanned assets (and it is reusable over many boxes…).
So it is a way for an attacker to get sensitive passwords in a corp… Continue reading Is this Wikipedia article about SCRAM wrong?
The situation: Currently, we are sending out emails and SMS to our users, which include a link to a form that each user has to fill out on a regular basis (an "eDiary"). As we need to be able to authenticate and authorize the use… Continue reading What’s a "safe" URL shortening algorithm?
I had a discussion with a friend today about his password hash comparison. I argued that you can’t return false on the first hash mismatch you have and I sent him a link to an article about a Java timing attack that happened in Java 6.
pub… Continue reading Timing attacks in password hash comparisons