Collaborate Disseminate
I’m currently trying to understand how salting and no. of rounds work using mkpasswd. These are the commands that I have been experimenting around.
cp@cp-vm:~/Asg2_Task1b$ time mkpasswd -m sha-512 pAssWo@%d
$6$d7.91BJxU$zuda2MejtPegqkSiSOX… Continue reading What is the effect of salt and no. of rounds in mkpasswd encryption?
I am new to Hashcat and I am trying to decode a password/salt hash. Everything I have tried comes back as "no hash-mode matches…" Any assistance on the correct hashcat command line would be appreciated.
Also, how does one gen… Continue reading Decrypt with Hashcat using Pswd and Salt
I am new to Hashcat and I am trying to crack a password/salt hash. Everything I have tried comes back as "no hash-mode matches…" Any assistance on the correct hashcat command line would be appreciated.
salt:b9v62crdfsq6nz8btk… Continue reading Crack with Hashcat using hash and salt
Given the following argon2 hash
$argon2id$v=19$m=65536,t=32,p=8$mJmKA5qamzXOPJZYw4wCEUKY$COkMH0RckaZ/3bhYCdCQjLuzoLKxcAmk4TzmHRRgTQ8
How should the hash be stored in a database? From the answers of this question it says you shouldn’t store… Continue reading How should an argon2 hash be stored? [duplicate]
Typically for user passwords we store their hashes and salt alongside in the database – one per user.
I wonder the security implications of hashing the same password twice and storing locally both.
hash(pwd, salt1) # => $digest1$salt1
… Continue reading Storing two hashes of same password?
We have a script that is used as a tool to test password quality for all our users.
From the script, we could know if users are using the same password for their different accounts.
I supposed the tool is comparing stored hashes.
Did that … Continue reading How secure are hashed passwords and could we create a matching table for the passwords? [closed]
I want to log IP addresses visiting my site, for aggregated statistics only and to see if the same IP address has visited twice. But I don’t want to expose them.
My Idea is in my database.
$IP_Verifier = hash($IP + $CONST_Server_salt + $CO… Continue reading Using a Client and Server secret to double salt a hash
I’ve been playing with a CUDA MD5 cracker which is very impressive indeed.
For a novelty project, I’d like to make a file that contains the last 32 bits of it’s own hash.
I’d like to achieve this by starting the MD5 in an initial state tha… Continue reading Brute force (last 32 bits of) MD5 with salt [closed]
Is it secure to expose a salted bcrypt hash (minimum 14 cost) if the used password is 72 characters (maximum) byte long, randomly generated letters, numbers, and special characters using secure generator?
Is it secure against offline brute… Continue reading Is it secure to expose a salted bcrypt hash IF it is maximum length random secure password?
I am currently learning about cybersecurity and trying to implement it in my next web application.
I have been reading some articles about hashing, specifically SHA2 and Blowfish.
In this article, it is recommended to add a hard-coded salt… Continue reading Is it a good practice to add hard-coded salt to BCrypt passwords?