Collaborate Disseminate
I am trying to use a user password in my application to both generate a password hash (for authentication) and to derive a secret key to encrypt user data.
Using argon2 is an expensive operation so i only want to call it only once when the… Continue reading Mixing argon2/HKDF to generate both password hash and encryption key?
If I administer a webpage that allows users to create accounts, and assuming I don’t keep or even ever have access to plaintext passwords, is it possible for me to detect that one of my users is using a known bad password?
I am guessing th… Continue reading Is it possible to check for pwned/common passwords using salted hashes of the passwords?
I’ve been given the task of recovering a list of hashed passwords. I am new to python and this is my first and only security course for my degree. However, I am struggling on how to go about solving this problem. The problem is below.
Bel… Continue reading Hash cracking homework question [closed]
There is two different passwords for a single user.
I’m hashing both for future validation. I’m currently using a single unique salt for the user, but each is hashed with a different algorithms (PBKDF2 with different algorithm and differen… Continue reading Is there any benefit to use different salt for different encryption algorithms for same user
The context is described in another of my question, and is as follow : i’ve got to securely store identifiers, called TIP. We need (1) a method to derive always the same UID from a TIP, so that no one can do the reverse operation, except … Continue reading PGP keys as a hashing method
Here is my situation : we’ve got ID, named TIP, from remote and large databases. We want to store all the data, but laws prevents us to store the TIP directly, but rather anonymize them, for security reasons, as these TIP are, indeed, iden… Continue reading What to do if i have no salt?
I have a personal id "U1KFhYtMqZhCYya6sy31PVLM8DlM5HLCkwy3", I have checked some hash functions but cannot make sure how this generated? Is this just random string generated with [a-zA-z0-9]?
Continue reading Any idea on how this 36 character long string generated? [duplicate]
I was recently participating in a CTF with a challenge that required contestants to find two .pdf files with the same md5 hash, and that got me thinking about how that could be a potential vulnerability in some systems (though not necessar… Continue reading Is it common practice to take multiple hashes of the same object?
I would like to ask how I should go about securely transmitting the password between two applications. I have two projects that work with each other. The first one is a project called AuthApi, which authenticates the user and creates token… Continue reading ow do I move password securely between api and web?
I recently ran an account security check through my bank’s web site, and my bank "reassured" me that I have a strong password.
Should I be concerned that they know that? I had assumed that they only stored a (hopefully salted) ha… Continue reading Should I be concerned that my bank told me that I have a strong password? [duplicate]