salt – WindowsTechs.com

Can I store a salted hash (sha256) of an email in a user’s cookies? [migrated]

Posted on November 4, 2024 by Grif

I am working on a web app and need to have access to a user’s salted hash email in middle-ware. The simplest way to do this, for me, would be a cookie. Since this is a salted sha256 hash, even if the cookie was stolen the hacker could not … Continue reading Can I store a salted hash (sha256) of an email in a user’s cookies? [migrated]→

Strange salt value in /etc/shadow [migrated]

Posted on October 14, 2024 by Robindev

I have an embedded linux device with a fairly modern linux kernel. However, with the last update a strange thing has happened: when a password is modified with passwd for any user, the salt value in etc/shadow is replaced with rounds=65536… Continue reading Strange salt value in /etc/shadow [migrated]→

Security Risks of Deriving Crypto Wallet Seed Phrases Using Deterministically Derived Salt

Posted on July 8, 2024 by jamesgaddum

I’m working on a project where I want to generate a set of crypto wallet seed phrases from an existing seed phrase. The reason for this is so that using just the original seed phrase the wallet holder can access multiple connected accounts… Continue reading Security Risks of Deriving Crypto Wallet Seed Phrases Using Deterministically Derived Salt→

Is it secure to save a salt in session variables

Posted on June 12, 2024 by Èl Sea

I know a salt isn’t secure data that needs to be encrypted in the dB, but as its access should be controlled, is it considered safe to save it as a session variable at login for use later on different pages? Or should it be looked up in th… Continue reading Is it secure to save a salt in session variables→

Hash security and penetration testing [closed]

Posted on May 29, 2024 by QF0

I’ve been looking at hash security, and how tools like hashcat and John The Ripper work. I seem to have misunderstood some basic stuff, and would appreciate some clarification on:

If you’re pen testing, and you’ve got a hash that you’re t… Continue reading Hash security and penetration testing [closed]→

Crack hash with given salt and dictionary

Posted on May 24, 2024 by Ankeet Saha

pbkdf2:sha256:600000$m28HtZYwJYMjkhJ5$2d481c9f3fe597390e4c4192f762188bf311e834030a11e069019015fb336c14
This is the format in which I have the hash. I also have a dictionary which consists of the actual password. How do I use some tool (lik… Continue reading Crack hash with given salt and dictionary→

How to verify the salt in the SCRAM protocol?

Posted on May 18, 2024 by n-l-i

I’ve recently read about the SCRAM authentication protocol. One of the stated design motivations is to support mutual authentication, but how does the client verify that the salt and cost parameters provided by the server are correct?
If t… Continue reading How to verify the salt in the SCRAM protocol?→

Question about storing salt values and hashed passwords in the database [duplicate]

Posted on April 6, 2024 by mantot123

So I was reading through an article about how passwords are salted and hashed through a cryptographic function here, and found out that hashed passwords, along with the plaintext salt values are stored in the database.
Now, I was wondering… Continue reading Question about storing salt values and hashed passwords in the database [duplicate]→

Figure out the Salt? [duplicate]

Posted on April 3, 2024 by Mike Q

I want to test how secure our internal application is and I was wondering if it is possible to figure out the salt or something if I know the following info about a few accounts (basically the hash and the actual password for multiple user… Continue reading Figure out the Salt? [duplicate]→

Concrete Clears its Own Snow

Posted on March 24, 2024 by Bryan Cockfield

Humans are not creatures well suited to cold environments. Without a large amount of effort to provide clothing, homes, and food to areas with substantial winters, very few of us …read more Continue reading Concrete Clears its Own Snow→