Collaborate Disseminate
Now this may seem like a stupid question, but it just occurred to me: How secure is base64 encoding compared to (plain) hashing?
Nobody can read base64 code by itself, but it still isn’t that hard to decode it:
atob("SomePasswordInBas… Continue reading Using base64 for secure encoding [duplicate]
We (collectively) salt passwords, then hash them; maybe even run them through something like PBKDF2 first (depending on how the password will be used).
The end result is that we have a string p and map it to a fixed-length string p’ using … Continue reading How certain is it that a shorter password can’t match the salted hash of a long one? [migrated]
I am making a simple ticketing system for a small local party so people can order their tickets for the party online.
It works like this:
The user enters his info.
He pays for the ticket.
If the payment was successful a unique openssl_ran… Continue reading Saving the code of a ticket unhashed
I have a .dmg file on my MacBook. I have forgotten the password of the .dmg file and now I’m not able to access the files in it.
I tried using John the Ripper. However, whenever I run john –format=dmg-opencl (*insert filename here), I alw… Continue reading How to create a hash file of a .dmg file for use in JTR?
In hashcat, when we need to crack password based on wordlist, but additionally want to try partly bruteforce random ASCII characters in the end of any entry from the wordlist, we can use the following command:
hashcat -a 6 -m 1800 .\unshad… Continue reading john the ripper tool – how to combine wordlist with incremental modes?
I have to secure HTTP requests`s body on application layer, so I wanted to generate signatures with hash of body and the receiver will validate it.
But I can do it in different way and apply it into existing architecture. My server already… Continue reading Applying application-level signing in HTTP
I am specifically looking at the npm package metadata like from the lodash package, the relevant part which is this:
{
"shasum": "392617f69a947e40cec7848d85fcc3dd29d74bc5",
"tarball": "https://registr… Continue reading How is the npm package manager made robust security-wise, what are the keys they are using, and how do they use them?
I’m making a web application on the MERN stack which stores sensitive user data, in the form of a big block of text.
The encryption method I am using is that when a user registers, a random key is generated (generated key), and using anoth… Continue reading Where or how to persist a decryption key in a React app?
Encryption tech is obviously intended to secure things that we want to be private over an insecure medium. When I log into a site for example, my password is transmitted over HTTPS, hashed by the reciever (hopefully), and then compared to … Continue reading Is a leaked encrypted password more secure than a leaked hash?
I am creating an authentication system that is able to login to the same account with different sets of credentials. I also want to allow users to login with either username or email with the same given password. To make it a little easier… Continue reading Two different salted hashes of the same password for the same user