Collaborate Disseminate
I’m a total noob, so please help me out.
Suppose something is hashed in sha256. If we know the value of some part of the hashed text, can we figure out the entire text?
Ex: xxxxxx + j4l58jl6j4l6j4 = 64j1l5l64lkh41l654kj165l4j1566ghj6ghj6g1… Continue reading Is it possible to reverse a sha256 hashed value if we know part of the input value?
In a php/mysql based system I work on, they recently found several SQL injection vulnerabilities. Those come from 3rd party plugins, and I must assume there are more to be discovered.
My major concern is elevation of privileges, as almost … Continue reading sql injection mitigation by signed db entries?
I am using some frameworks that store salts inside databases. For example this article shows how Devise stores salt together with the user information. My question is why do people say that salts prevent rainbow table attacks? I make this … Continue reading Why people say that salt helps to prevent rainbow table attack?
I read that it is important to use a salt together with the password to avoid rainbow table attack. I agree with that, but is there any difference, in terms of security, if
I use password + salt or
I use a complex password?
That is, do I… Continue reading Is necessary to use salt if I use a complex password? [closed]
I don’t understand this part of the Rainbow table attack.
In all my Google searches, it says that a hacker uses a rainbow table on password hashes.
But how does the hacker obtain the password hashes in the first place?
I have rephrased thi… Continue reading How does a ‘rainbow table’ hacker obtain password hashes in the first place?
How is Salting a password considered secure, when the idea of a rainbow table attack means that the hacker already has access to user password Database?
Since the Attacker already has access to the password database… he can just send the… Continue reading How is Salting a password considered secure, when the hacker already has access to user password Database? [closed]
I downloaded a software that has a login interface. It’s a $100 a month subscription software.
I disassembled the software and found that passwords are being sent by combining them with a hard coded "salt" that everyone can see i… Continue reading Client side password hashing with static salt – did I find a breach?
Attackers compromised six Cisco VIRL-PE servers that are affected by critical SaltStack vulnerabilities. Continue reading Hackers Compromise Cisco Servers Via SaltStack Flaws
Django web framework uses the Double Submit Cookie pattern for CSRF protection. (The CSRF token is sent in a cookie and also in a hidden form field. Incoming requests are checked for a match between the token in the cookie and the token in… Continue reading What’s the point of salting Double Submit Cookie (CSRF protection)?
Scary stuff as hackers exploit Salt vulnerability in attempt to mine cryptocurrency on breached blogging platform’s servers.
Continue reading Ghost blogging platform suffers security breach