Collaborate Disseminate
Technology enables all kinds of possibilities to mold our environments in the way we best see fit. Plenty of ski resorts use snowmaking to extend their seasons, there are wave …read more Continue reading 3D Printed Climbing Holds, Now With Texture
I am currently generating a salted SHA 256 passwords in the below format
$hash = "{SHA256}".base64_encode(hash(‘sha256’, $password . $salt) . $salt) .
Using the below libraries of Java classes to generate.
java.security.MessageD… Continue reading How different ldap implementations are generating random salt?
I have a SSHA256 hashed password. Below is the plaintext and hashed password for it.
PlainText -p@ssw0rd
Encrypted -{SSHA256}LGkJJV6e7wPDKEr3BKSg0K0XDllewz9tvSNSaslDmIfPFmyuI5blUK/QsTXjvgFKLlMQm1jPC7K7z/KaD4zoHQ==
How can I extract salt f… Continue reading How can I extract salt from encoded base64 Salted SHA 256 hashed password
This is a cryptographic challenge I was given:
I have a list of 1000 hashed email addresses where I know the domain name for them (eg. "@gmail.com").
According to hashes.com:
Possible algorithms:
SHA1, SHA1(UTF16-LE($plaintext))… Continue reading Find pre-images of hashed email addresses
I am building an web service where I handle user data and security is the top and main concern. To store my passwords, I have decided on a algorithm which takes a little longer at runtime than I want. I am using AWS Lightsail for hosting m… Continue reading Should I isolate my password hashing algorithms in another server to decrease CPU stress?
The password of the user shall be used for client side encryption. A PBKDF and salt shall be used to derive a key from the user password.
Do I need to store this salt on the server and deliver it to each new client/device the user authenti… Continue reading When using a user password for client side encryption, do I have to store the salt for the user encryption key on the server?
[Chase’s] post titled “How to Grow Sodium Chloride Crystals at Home” might as well be called “Everything You Always Wanted to Know about Salt Crystals (but Were Afraid to Ask).” …read more Continue reading The (Sodium Chloride) Crystal Method
Here are my conditions:
My Rest API must accept username and plain password. But, that’s very bad. That’s why the client must encrypt the password first and my rest API will decrypt it to get the plain password.
My client and rest API alr… Continue reading Is using random salt to pbkdf2 for every request to Rest API good/bad?
In my company, numeric user IDs are considered PIIs and therefore need to be pseudo-anonymized to be GDPR compliant.
To do so, we populate a lookup table where to each ID is assigned a monotonically decreasing gdpr_ID. Then when users are … Continue reading Choosing the right salt to pseudo-anonymize data and be GDPR compliant
I have an old system that can do PBKDF2 with HMAC using MD5, but not SHA-2. Now I know that MD5 is insecure and shouldn’t be used for new applications, but https://crypto.stackexchange.com/a/9340/7075 seems to indicate that HMAC-MD5 is st… Continue reading Is pbkdf2 with hmac using md5 still secure?