Collaborate Disseminate
Here are my conditions:
My Rest API must accept username and plain password. But, that’s very bad. That’s why the client must encrypt the password first and my rest API will decrypt it to get the plain password.
My client and rest API alr… Continue reading Is using random salt to pbkdf2 for every request to Rest API good/bad?
I have an old system that can do PBKDF2 with HMAC using MD5, but not SHA-2. Now I know that MD5 is insecure and shouldn’t be used for new applications, but https://crypto.stackexchange.com/a/9340/7075 seems to indicate that HMAC-MD5 is st… Continue reading Is pbkdf2 with hmac using md5 still secure?
I am using PBKDF2 on NodeJS to authenticate a user who submits username & password. To do this, when the user first registers, I generate a salt, I use 200000 iterations, I specify a key length of 32 bytes, and I use sha256 as the dige… Continue reading Use PBKDF2 for both authentication and decryption on NodeJS
We provide web redirection based integration with our partners’ web apps. The flow is something like the following, and the password is generated randomly and shared with them during the onboarding process and before any interaction can ta… Continue reading Use pre-computed PBKDF2 key with high iteration count as password
I read about Recommended # of iterations when using PBKDF2-SHA256?
I have also read in Why not just use a small but unusual number of hashing rounds? that when there are multiple password to protect, the moment one is cracked the hacker wi… Continue reading Does using a random number of iterations for PKBDF2-SHA256 help if I only have to protect one key used to encrypt a password protecteded file?
SHA-256 generates a 32-byte hash, Is it a safe practice to use the first 16 as an iv (nonce) and the second 16 as a key ?
What other things I should consider when using PBKDF2 in a scenario like this ?
Continue reading Can I use part of PBKDF2 output as an IV (nonce)?
I am using CryptoJS AES 256 encryption:
CryptoJS.AES.encrypt(string, secret);
The secret is generated through:
function generateKey(str) {
const salt = CryptoJS.lib.WordArray.random(128 / 8);
const key512Bits = CryptoJS.PBKDF2(str, … Continue reading How to correctly convert a bit key to string for aes 256 encrytion?
I need to implement some hashing scheme for an open-source project. This is what I currently have and I’d like to hear whether this is secure enough –
The password is hashed using PBKDF2-SHA256 (which I prefer over bcrypt simply because Op… Continue reading Is combining salt from two places secure enough and what length
In my app i want to "encrypt" cryptography key on user’s password. As i understood the best solution is using PBKDF2 for this purposes. I found implementation in OpenSsl crypto library: PKCS5_PBKDF2_HMAC.
But there is some securi… Continue reading What is secure params for PBKDF2 (2021 year) [duplicate]
In my app i want to "encrypt" cryptography key on user’s password. As i understood the best solution is using PBKDF2 for this purposes. I found implementation in OpenSsl crypto library: PKCS5_PBKDF2_HMAC.
But there is some securi… Continue reading What is secure params for PBKDF2 (2021 year) [duplicate]