Collaborate Disseminate
I have some passwords hashed with C# using Rfc2898DeriveBytes.Pbkdf2(bytes,src,5000,HashAlgorithmName.SHA1,24) (an older implementation) and would like to port this code to java.
However I don’t seem to get the two hashes to be the same.
… Continue reading Working Rfc2898DeriveBytes.Pbkdf2 in Java [migrated]
Recently, I was reading about Blake2B and its properties regarding randomness and security, and its connection to Daniel Bernstein’s CHA CHA digest. As a budding cryptographer, I find it doable to implement those algorithms, but I find it … Continue reading Construction of Blake2 and Cha Cha [migrated]
I encountered an open TCP/143 IMAP port which responded with this banner:
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
From this I … Continue reading What does the IMAP banner alone show regarding security (STARTTLS, hashing, information disclosure)?
Sorry for offtopic alike topic, but this hash seems very strange.
It has no salt, so it makes it hard for me to determine the hash type
ABAnAAB8Ksf/5H4Tk2HavNzPESyUiz5WmRMFENal4otqLmJjAGf0PgM=:P@rtner1997
00102700007c2ac7ffe47e139361dabcd… Continue reading Identify Strange Hash [closed]
I am trying to use a user password in my application to both generate a password hash (for authentication) and to derive a secret key to encrypt user data.
Using argon2 is an expensive operation so i only want to call it only once when the… Continue reading Mixing argon2/HKDF to generate both password hash and encryption key?
If I administer a webpage that allows users to create accounts, and assuming I don’t keep or even ever have access to plaintext passwords, is it possible for me to detect that one of my users is using a known bad password?
I am guessing th… Continue reading Is it possible to check for pwned/common passwords using salted hashes of the passwords?
I’ve been given the task of recovering a list of hashed passwords. I am new to python and this is my first and only security course for my degree. However, I am struggling on how to go about solving this problem. The problem is below.
Bel… Continue reading Hash cracking homework question [closed]
There is two different passwords for a single user.
I’m hashing both for future validation. I’m currently using a single unique salt for the user, but each is hashed with a different algorithms (PBKDF2 with different algorithm and differen… Continue reading Is there any benefit to use different salt for different encryption algorithms for same user
The context is described in another of my question, and is as follow : i’ve got to securely store identifiers, called TIP. We need (1) a method to derive always the same UID from a TIP, so that no one can do the reverse operation, except … Continue reading PGP keys as a hashing method
Here is my situation : we’ve got ID, named TIP, from remote and large databases. We want to store all the data, but laws prevents us to store the TIP directly, but rather anonymize them, for security reasons, as these TIP are, indeed, iden… Continue reading What to do if i have no salt?