Collaborate Disseminate
Is the -salt option useful when you are doing file encryption?
From what I understand, the salt protects from rainbow table attack, but such tables are used against passwords, which are usually 10-20-30 characters long. If you encrypt file… Continue reading Openssl salt option useless for file encryption? [duplicate]
I am working on a web app and need to have access to a user’s salted hash email in middle-ware. The simplest way to do this, for me, would be a cookie. Since this is a salted sha256 hash, even if the cookie was stolen the hacker could not … Continue reading Can I store a salted hash (sha256) of an email in a user’s cookies? [migrated]
I have an embedded linux device with a fairly modern linux kernel. However, with the last update a strange thing has happened: when a password is modified with passwd for any user, the salt value in etc/shadow is replaced with rounds=65536… Continue reading Strange salt value in /etc/shadow [migrated]
I’m working on a project where I want to generate a set of crypto wallet seed phrases from an existing seed phrase. The reason for this is so that using just the original seed phrase the wallet holder can access multiple connected accounts… Continue reading Security Risks of Deriving Crypto Wallet Seed Phrases Using Deterministically Derived Salt
I know a salt isn’t secure data that needs to be encrypted in the dB, but as its access should be controlled, is it considered safe to save it as a session variable at login for use later on different pages? Or should it be looked up in th… Continue reading Is it secure to save a salt in session variables
I’ve been looking at hash security, and how tools like hashcat and John The Ripper work. I seem to have misunderstood some basic stuff, and would appreciate some clarification on:
If you’re pen testing, and you’ve got a hash that you’re t… Continue reading Hash security and penetration testing [closed]
pbkdf2:sha256:600000$m28HtZYwJYMjkhJ5$2d481c9f3fe597390e4c4192f762188bf311e834030a11e069019015fb336c14
This is the format in which I have the hash. I also have a dictionary which consists of the actual password. How do I use some tool (lik… Continue reading Crack hash with given salt and dictionary
I’ve recently read about the SCRAM authentication protocol. One of the stated design motivations is to support mutual authentication, but how does the client verify that the salt and cost parameters provided by the server are correct?
If t… Continue reading How to verify the salt in the SCRAM protocol?
So I was reading through an article about how passwords are salted and hashed through a cryptographic function here, and found out that hashed passwords, along with the plaintext salt values are stored in the database.
Now, I was wondering… Continue reading Question about storing salt values and hashed passwords in the database [duplicate]
I want to test how secure our internal application is and I was wondering if it is possible to figure out the salt or something if I know the following info about a few accounts (basically the hash and the actual password for multiple user… Continue reading Figure out the Salt? [duplicate]