kdf – WindowsTechs.com

Password checks in backend vs. password encrypted data sent to frontend?

Posted on November 21, 2024 by Lukas Kalbertodt

Lets assume I am building a pastebin-like web app: users can upload text notes and share them. Users should be able to password-protect notes. Whenever viewing such a note, other users must first provide the correct password to be able to … Continue reading Password checks in backend vs. password encrypted data sent to frontend?→

How exactly does OpenGPG protect private keys?

Posted on November 5, 2024 by Binarus

Today it was time again to generate some new PGP key pairs that will be used for end-to-end-encrypted email. Now I’d like to know how exactly OpenPGP protects the private keys.
What I have understood so far is that the actual private PGP k… Continue reading How exactly does OpenGPG protect private keys?→

Searchable encryption for phone numbers

Posted on July 15, 2024 by Stefan van den Akker

I have a table in Postgres that stores phone numbers. Since phone
numbers are considered PII, I cannot store them as plaintext.
For other PII fields, I use AES-256-CBC. However, the requirements are that phone numbers are

part of a unique… Continue reading Searchable encryption for phone numbers→

Debug bcrypt iterations with a static salt [closed]

Posted on September 21, 2022 by Ghost Rider

I want to debug bcrypt rounds with a static salt using this python lib
import bcrypt
salt = bcrypt.gensalt(14)
password = b"foo"
foo_1_round = bcrypt.kdf(password, salt, desired_key_bytes=10, rounds=1)
foo_2_rounds_manually = bcr… Continue reading Debug bcrypt iterations with a static salt [closed]→

KDF vs hash function in loop for hashing password

Posted on September 20, 2022 by Ghost Rider

I’m trying to grasp which benefit can KDF like PBKDF2, scrypt and bcrypt (I know that bcrypt is technically not KDF) may bring over hashing in loop like sha256sum(sha256sum(sha256sum…..(salt + master password))) – N times, where N equals… Continue reading KDF vs hash function in loop for hashing password→

Key derivation for password manager backup?

Posted on May 6, 2022 by Fax

Backing up your password manager is a good idea in case your house burns down, but where do you store the password to the off-site backup?
Remembering the master password is easy, but re-using the master password directly for my off-site b… Continue reading Key derivation for password manager backup?→

Verify password before decrypting data

Posted on February 28, 2022 by Bernardo1r

I need to verify a password before decrypting the data. My encrypted data is too big and waiting to see if the authentication tag is correct is out of the question. I’m using Argon2id as my KDF. My question is, can I hash the derived key w… Continue reading Verify password before decrypting data→

SCrypt’s goal and the role its salt plays

Posted on February 17, 2022 by Neev Penkar

Am I right in stating that SCrypt as an algorithm is useful where many passwords are stored in a database, but not against one specific encryption key derived from one password of one user?
For example, let there be a password, a salt, and… Continue reading SCrypt’s goal and the role its salt plays→

Use PBKDF2 for both authentication and decryption on NodeJS

Posted on August 26, 2021 by vrtjason

I am using PBKDF2 on NodeJS to authenticate a user who submits username & password. To do this, when the user first registers, I generate a salt, I use 200000 iterations, I specify a key length of 32 bytes, and I use sha256 as the dige… Continue reading Use PBKDF2 for both authentication and decryption on NodeJS→

TLS 1.3 HKDF-Expand references to Hello messages

Posted on April 1, 2021 by Liam Kelly

I am looking into TLS 1.3 implementations and am a little confused about what is being referenced in the HKDF functions. Specifically the last argument in the Dervice_Secret wrapper function. From RFC 8446:
PSK -> = Early Secret
… Continue reading TLS 1.3 HKDF-Expand references to Hello messages→