Collaborate Disseminate
Is it secure to expose a salted bcrypt hash (minimum 14 cost) if the used password is 72 characters (maximum) byte long, randomly generated letters, numbers, and special characters using secure generator?
Is it secure against offline brute… Continue reading Is it secure to expose a salted bcrypt hash IF it is maximum length random secure password?
I am currently learning about cybersecurity and trying to implement it in my next web application.
I have been reading some articles about hashing, specifically SHA2 and Blowfish.
In this article, it is recommended to add a hard-coded salt… Continue reading Is it a good practice to add hard-coded salt to BCrypt passwords?
The regular granular table salt you’re used to isn’t the most attractive-looking seasoning out there, even given its fundamentally compelling flavor. You don’t have to settle for boring old salt …read more Continue reading How To Grow Your Own Pyramid Salt Crystals
I am trying to better understand the processes involved in e2ee using WebCrypto on the browser.
I understand that the only real method to use a passphrase to generate a symmetric key on the browser is using PBKDF2 using a crypto random sal… Continue reading Can parts of WebCrypto AES-GCM be reused between encryptions
“When those invitations went out… somehow, your password hash went out with them.” Continue reading Slack admits to leaking hashed passwords for five years
If I am using SHA-512 hash values merely as a means to search fields that have been encrypted elsewhere, is it cryptographically secure enough to hash without salt?
For background, I have been given a non-negotiable requirement to encrypt … Continue reading Using hash to search encrypted records
According to docs:
To hash a new passphrase for storage, set salt to a string consisting of [a prefix plus] a sequence of randomly chosen characters …
and
In all cases, the random characters should be chosen from the alphabet ./0-9A-Z… Continue reading Why GNU libc’s salt alphabet for `crypt` is limited to ./0-9A-Za-z?
I have set it up so that when my users change their password, the salt is recomputed.
Besides hiding the fact that they may change their password to the same thing (I am checking that by first hashing their new pwd with the old salt) it do… Continue reading Does recalculating per-user salt every time a user changes password make any difference?
I must protect a field being passed to a client through a public network, then passed back to the same cluster. The client is not decrypting it; the client will pass it back as-is to the server, which will decrypt it to extract the origina… Continue reading Does adding salt increase security when encrypting with pepper?
I have a top level familiarity with Rainbow tables (1 ,2 )
I also understand that salting adds a randomly generated alphanumeric string to each password before it gets hashed and put in a database.
My understanding of Rainbow tables (RTs) … Continue reading What are the underlying mechanics that make password salting an effective deterrent against Rainbow Tables? [duplicate]