Salt Bugs Allow Full RCE as Root on Cloud Servers
Researchers say the bugs are easy to exploit and will likely be weaponized within a day. Continue reading Salt Bugs Allow Full RCE as Root on Cloud Servers
Collaborate Disseminate
I saw a video detailing how to write a simple salted hash program in C# here.
Below is the code they wrote (slightly edited for console applications):
using System;
using System.Text;
using System.Security.Cryptography;
namespace MyAppl… Continue reading Writing a Simple SHA256 Salted Hash Generator
I find it hard to believe, and figure I just missed or forgot something obvious (years since I thought about this stuff), so maybe someone can point it out. But it seems like most of what I know about salts is they’re kinda loose in guidel… Continue reading Oversalting Potentially Harmful?
I’m using a KDF (PBKDF2HMAC) to generate a Fernet key from a given password, but to do so I also need to generate and store a salt.
import base64
import os
from cryptography.fernet import Fernet
from cryptography.hazmat.ba… Continue reading Can a salt be a random ASCII string or be derived from one?
It’s charging subpar password security and lousy user notification: Zynga has yet to notify users to warn them of the breach, the suit says. Continue reading Zynga faces class action suit over massive Words With Friends hack
I am attempting to understand the format for this Salted SHA1 hash for an assignment. The line of text I was given was:
nameExample@email.com,nameExample,nameExample@email.com,nameExample,,,aadefeff82b5c1a2272079151dc489822aeaa6ca,7391178a… Continue reading Can’t solve format for Salted SHA1 hashes with Hashcat?
In this question on this board the author of the selected answer states the following.
If you, as an attacker, manage to extract hashes and salts from a database, you probably either find a way to extract the password hashing algorithm… Continue reading Using a Pepper as the index to insert a salt
Libsodium builds their KDF on top of BLAKE2b:
BLAKE2B-subkeylen(key=key, message={}, salt=subkey_id || {0}, personal=ctx || {0})
Besides the key, the function has two additional arguments: The subkey ID (an 8 byte value which is 0-padded… Continue reading BLAKE2: What is the difference between the salt and the personalization? [migrated]
I hate remembering account names and passwords and noticed I often handle new accounts this way:
If a site is asking for a password I use passwordsgenerator.net to generate a long random password and do not write it down. I let Chrome rem… Continue reading Login based on password only (might call it a token) [closed]
I was reading the post Is it safe/wise to store a salt in the same field as the hashed password?:
$argon2i$v=19$m=65536,t=3,p=1$YOtX2//7NoD/owm8RZ8llw==$fPn4sPgkFAuBJo3M3UzcGss3dJysxLJdPdvojRF20ZE=
My understanding is that everything prio… Continue reading Which part of this encoded Argon2 hash is the salt?