Collaborate Disseminate
If I am using SHA-512 hash values merely as a means to search fields that have been encrypted elsewhere, is it cryptographically secure enough to hash without salt?
For background, I have been given a non-negotiable requirement to encrypt … Continue reading Using hash to search encrypted records
According to docs:
To hash a new passphrase for storage, set salt to a string consisting of [a prefix plus] a sequence of randomly chosen characters …
and
In all cases, the random characters should be chosen from the alphabet ./0-9A-Z… Continue reading Why GNU libc’s salt alphabet for `crypt` is limited to ./0-9A-Za-z?
I have set it up so that when my users change their password, the salt is recomputed.
Besides hiding the fact that they may change their password to the same thing (I am checking that by first hashing their new pwd with the old salt) it do… Continue reading Does recalculating per-user salt every time a user changes password make any difference?
I must protect a field being passed to a client through a public network, then passed back to the same cluster. The client is not decrypting it; the client will pass it back as-is to the server, which will decrypt it to extract the origina… Continue reading Does adding salt increase security when encrypting with pepper?
I have a top level familiarity with Rainbow tables (1 ,2 )
I also understand that salting adds a randomly generated alphanumeric string to each password before it gets hashed and put in a database.
My understanding of Rainbow tables (RTs) … Continue reading What are the underlying mechanics that make password salting an effective deterrent against Rainbow Tables? [duplicate]
The Japanese people love their salt, perhaps as much as Americans love their sugar high fructose corn syrup and caffeine. But none of these are particularly good for you. Although …read more Continue reading Electric Chopsticks Bring the Salt, Not the Pain
This question is purely theoretical, I have no intention of ever implementing this scheme in practice. I’m familiar with the shortcomings of sleeping as means of mitigating timing attacks. I’m more interested in this from the attacker’s pe… Continue reading Does this theoretical salted-hash-sleep scheme mitigate timing attacks?
I like to know if hashing protects privacy enough, i.e., if a hash of PII is still considered to be personally identifying information (PII).
I found this article: https://www.johndcook.com/blog/2019/07/20/hashing-pii-does-not-protect-priv… Continue reading Hashing to protect privacy
My webapp takes in email addresses as user names at registration, verifies ownership by sending emails with confirmation links, etc.
I’m now looking for a secure design of a user deletion feature, such that despite the account being delete… Continue reading Design for deleting users accounts, yet knowing when they register again
Maybe it’s not a good idea, but I would like to check it with you.
When using HMAC SHA to hash a clear text value (string max 30 char) I need to use a key (256) but in my scenario this key is static and always the same each time I need to … Continue reading HMAC SHA256 by using a static key + text as a key