Collaborate Disseminate
I want to hash email addresses so that they are anonymous but still unique in my database. I was thinking of using scrypt for this and creating the salt as a sha256 of some secret stored on the server + their email address. Implementation … Continue reading Hashing email addresses using scrypt
Am I right in stating that SCrypt as an algorithm is useful where many passwords are stored in a database, but not against one specific encryption key derived from one password of one user?
For example, let there be a password, a salt, and… Continue reading SCrypt’s goal and the role its salt plays
I’m working on updating the encryption method of a class at work. The encrypt and decrypt methods take the text to encrypt/decrypt and a string which used to be used as a salt (this string is hardcoded in the method calls in lots of places… Continue reading Is there any benefit to encrypting a derived key?
First of all, the understanding I have of the p parameter in scrypt is that it multiplies the amount of work to do, but in such a way that the additional workloads are independent from each other, and can be run in parallel. With the inter… Continue reading Why isn’t it more popular to increase the p (parallelization) parameter of scrypt?
There is a scrypt cipher which is used for exmaple by some cryptos like LItecoin for their mining algorithm.
I never heard of scrypt. I know eg SHA256 which is well analyzed and considered as secure until now.
ANy known crypatanalysi… Continue reading Scrypt KDF cipher – known vulnerabilities and cryptanalysis? [migrated]
We have a scenario where we need to prevent two users from using the same identifier. The identifier is sensitive (e.g. a social security number), so we do not want to store it in our DB. We just want to store some sort of ha… Continue reading Detect duplicates without exposing underlying data
main question is in the title. Some clarification though:
When you factory reset your encrypted phone, the old device encryption key (DEK a) gets deleted and a new encryption key (DEK b) is being generated, which is used to … Continue reading Is it possible decrypt Android 8 encryption, if the device encryption key is gone (but with a known PIN and KEK)?
There are many questions about picking a hash function, including How to securely hash passwords? or Are there more modern password hashing methods than bcrypt and scrypt?, with very detailed answers, but most of them date quite a bit.
The… Continue reading In 2018, what is the recommended hash to store passwords: bcrypt, scrypt, Argon2?
I’ve written a password manager in JavaScript. It works in a browser.
Try it out
Are there any fundamental issues with the concept of a web based password manager?
Should I be concerned if hashes linger in memory longer than… Continue reading Concerns regarding a password manager web app
I found this presentation how Facebook stores customer passwords and how they do authentication.
This slide shows how they hash passwords:
Is it a good idea to do such operations with a raw password? Isn’t it “security-by-obscurity”? D… Continue reading How Facebook hashes passwords