Passwords/password hashes in plaintext in service configs – why is this common practice?

A while ago I wanted to deploy a service using a OCI (docker/podman) container, and I noticed to me, what seemed like a possibly distributing trend. In the build file for a lot of the containers, the password is put there in plain text in … Continue reading Passwords/password hashes in plaintext in service configs – why is this common practice?

Trouble understanding hash_extension tool examples for hash length extension attack (C#)

I am trying to follow the example of how a hash length extension attack works using the article here: https://www.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks
In this, the author has a concrete exa… Continue reading Trouble understanding hash_extension tool examples for hash length extension attack (C#)

Can somebody explain simply why crypt of a password with a salt (the hash result) is equal to crypt of the password with the hash result itself?

Can somebody explain simply why crypt of a password with a salt (the hash result) is equal to crypt of the password with the hash result itself ?
Surely there is a simple mathematical explanation. I asked Bing AI Chat and she said :

When … Continue reading Can somebody explain simply why crypt of a password with a salt (the hash result) is equal to crypt of the password with the hash result itself?