Collaborate Disseminate
Using openssl to generate a CSR:
> openssl req -newkey rsa:2048 -nodes -keyout key -out mycsr.csr
It outputs the mycsr.csr file along with the key file.
The content of mycsr.csr:
—–BEGIN CERTIFICATE REQUEST—–
MIICsDCCAZgCAQAwazEL… Continue reading How is CSR encrypted?
I have made a 7z archive using Delta filter containing a wav file and I have protected it with a password. I am running a terminal in Kali Linux. My problem is that I cannot get the password cracked using 7z2john.pl and John the Ripper. If… Continue reading Decrypting a password-protected 7z file with Delta filter fails
Specifically, I’m looking to determine if tripcodes for users on 4chan could have been migrated to 8chan, and then to 8kun.
My (limited) understanding of this mechanism is that each server creates its own unique hash table and therefore DE… Continue reading Is it possible to port or migrate tripcodes from one server to another?
I am planning to create an API key using the user’s password as message and a random number assigned to that user in my database as key (or vice-versa). I will then store the hash of that API key in my database.
This will make it possible … Continue reading Is it safe to use HMAC to create an API key?
Let’s say we have a separate hashing algorithm called s2 and it would convert Hello into dug84nd8.
If we could take the algorithm and just reverse engineer it to generate a string like 8GN492MD that would also output dug84nd8, wouldn’t it … Continue reading Couldn’t we create a string that produces the same hash as another string in SHA-256?
Why is it a bad idea to encrypt a salted password hash with RSA (or maybe other public-key algorithm) before storing it?
Continue reading Encrypting a salted password hash with RSA before storing in a database
I have read here and here, that instead of using pepper, it is better to encrypt hashed/salted passwords before storing in the database. Especially with Java, as there’s no library for salt/pepper, but just for salt hashing, and I’m not go… Continue reading Encrypting salted password hash before storing in the database
Say we have a one-time password authentication system that uses a Merkle tree. Assume that the secret keys are of the form {sk0, sk1, …, sk7}, and at time t = 3 an attacker recovers sk6. Will he/she be able to recover any of the previous… Continue reading Forward secrecy in Merkle trees vs. hash chains
Not sure if things belongs in Crypto SE or here but anyway:
I’m building an app and I’m trying to decide whatever is secure to protect user passwords in transit, in addition to TLS we already have.
In server side, we already have bcrypt pr… Continue reading Is using Argon2 with a public random on client side a good idea to protect passwords in transit?
I have recently read an article about storing passwords safely and I have a few misunderstandings. I found out 4 ways of storing users’ passwords:
Just keep them in plain text
Keep passwords in plain text, but encrypt the database
Hash a … Continue reading Why are salted hashes better than just hashing?