Collaborate Disseminate
I am specifically looking at the npm package metadata like from the lodash package, the relevant part which is this:
{
"shasum": "392617f69a947e40cec7848d85fcc3dd29d74bc5",
"tarball": "https://registr… Continue reading How is the npm package manager made robust security-wise, what are the keys they are using, and how do they use them?
I’m making a web application on the MERN stack which stores sensitive user data, in the form of a big block of text.
The encryption method I am using is that when a user registers, a random key is generated (generated key), and using anoth… Continue reading Where or how to persist a decryption key in a React app?
Encryption tech is obviously intended to secure things that we want to be private over an insecure medium. When I log into a site for example, my password is transmitted over HTTPS, hashed by the reciever (hopefully), and then compared to … Continue reading Is a leaked encrypted password more secure than a leaked hash?
I am creating an authentication system that is able to login to the same account with different sets of credentials. I also want to allow users to login with either username or email with the same given password. To make it a little easier… Continue reading Two different salted hashes of the same password for the same user
Could someone please explain this to me: When you use a fuzzy hash algorithm (ssdeep, tlsh, sdhash… or any other) to calculate the hash value of a file, does it calculate the hash based on the whole file (e.g. a PDF file consists of a tr… Continue reading Fuzzy hash of a file
I’m currently trying to understand how salting and no. of rounds work using mkpasswd. These are the commands that I have been experimenting around.
cp@cp-vm:~/Asg2_Task1b$ time mkpasswd -m sha-512 pAssWo@%d
$6$d7.91BJxU$zuda2MejtPegqkSiSOX… Continue reading What is the effect of salt and no. of rounds in mkpasswd encryption?
There are functions like MD5 and SHA2 in MySQL which can be used to hash values before putting them into the database, or when searching over values.
As I proposed a possible solution in a comment to this answer to a question, I was told t… Continue reading What are the threats of using hashing functions that are built into the DBMS? (besides man-in-the-middle attacks)
Hypothetically, I’d like to demonstrate that I am the owner of a piece of published information. The requirements are the following.
The hash/ characteristic string is compact enough (ideally a few bytes, say 16 or 32.)
It does not expose… Continue reading What’s the shortest message you need to claim ownership of another message?
For practice, I write let’s call it a notebook app that stores users’ notes in AES-encrypted form. For encryption, I use a password-based intermediate key technique as described here. Actually, the exact encryption method doesn’t matter he… Continue reading Using hashed trigrams to search over encrypted data
I have take a zip file from NFS port using sudo mount -t nfs 192.168.1.105/backup /tmp/kevgir .
After that, I got backup.tar.bz2.zip file in /tmp/kevgir directory. I crack the zip file using fcrackzip tool, but I also wanted to crack it us… Continue reading Problem in using zip2john tool to take hash values [migrated]