Collaborate Disseminate
I have an embedded device running Armbian which I was able to get the drive image from. The entry in /etc/shadow combined with /etc/passwd after unshadowing is this:
root:$6$TV6ML2bG$TncnN/adtU9xaQs/OpmkWzpMIGuYexLf.timEI28P5RIPn5xjKRu.aib… Continue reading Does John the Ripper automatically account for salt and hash?
Long story short, I scanned a website and found an sql injection bug. (Did it several times and that was the only thing I could find).
So I used sqlmap to retrieve databases, tables, and columns. This website is using Oracle database. (Ora… Continue reading Stuck with salted hashes and can’t go any further (via SQLMAP and Sql Injection) [closed]
The goal when creating or changing your password is to make it as unique as possible so that it cannot be easily guessed and hence compromised. The main goal of salts is to achieve this. They increase the uniqueness of your password on the… Continue reading How can we use salts to increase the efficiency of hashing? [closed]
I know there are various questions that seem similar, for instance, this one. However, it does not answer my question.
I’m creating a signup/login system (with node.js to be particular), and I’m trying to hash the user’s password (with bcr… Continue reading How can I use a unique salt for each user
I am discovering both Freeradius and the password hashing mechanism. I built a database (in MySQL) to store the passwords of some users. I have a user with the password in clear text, another one hashed in SHA256 without salt and the last … Continue reading How can Freeradius detect if the password provided is right when only the salted hash is stored in the database without the salt
In this report on the recent ParkMobile breach, the article has this comment from the company:
“You are correct that bcrypt hashed and salted passwords were obtained,” Perkins said when asked about the screenshot in the database sales thr… Continue reading How can salted passwords work if you don’t "keep the salts in the system"?
I have a ISP CPE box running software by SoftAtHome (similar to Orange LiveBox or Swisscom devices).
By querying the undocumented sysbus-API on the box using this tool, I have discovered several hidden user accounts with hardcoded password… Continue reading Cracking SSHA256 hash+salt of unknown composition from undocumented router API
I need to implement some hashing scheme for an open-source project. This is what I currently have and I’d like to hear whether this is secure enough –
The password is hashed using PBKDF2-SHA256 (which I prefer over bcrypt simply because Op… Continue reading Is combining salt from two places secure enough and what length
I would like to send emails from a server, but also make them unable to trace for me as server owner or attackers. I want this for GDPR but also to protect people from abusers.
Short info about service: I am a provider of a service as a pe… Continue reading Sending and blocking emails from hashed and salted address ? (for GDPR)
Note: I’ve already read Is it ok to send plain-text password over HTTPS? and https security – should password be hashed server-side or client-side?, but here it’s about a specific replacement method (see below).
After reading an article a… Continue reading Alternatives for sending plaintext password while login