Collaborate Disseminate
According to my research, if you want to store passwords securely, you should use built-in hash functions that have been vetted by the professionals. Best practices recommend that you do not add a hard-coded pepper.
But why not?
Let’s say:… Continue reading Why do best practices recommend against adding your own pepper to passwords before hashing?
I would think all it has to do is read the file, compute an SHA 256 in fast AES hardware, and compare it to a known correct value from a table that was itself hashed for validation.
But it seems to take forever. How come? Are they sending … Continue reading Why does Windows SFC /scannow take so long to run? [migrated]
So I was reading through an article about how passwords are salted and hashed through a cryptographic function here, and found out that hashed passwords, along with the plaintext salt values are stored in the database.
Now, I was wondering… Continue reading Question about storing salt values and hashed passwords in the database [duplicate]
Is there any example for data that has the same sha256sum value?
Or is it impossible to find out with current computational power?
Continue reading example for 2 data with same sha256 sum [migrated]
I want to create a server where after the user logs the server gives them a randomly generated access token that is hashed using SHA256, that I store in the database a long with an expiration date, I thought this was secure, until I rememb… Continue reading is access token using SHA256 secure?
We just detected an intrusion in one of our labs!!
Some strange network traffic was seen from one of the Windows servers and it was immediately
isolated. Around the same time, there were some alerts for suspicious traffic originating from … Continue reading intrusion and network traffic
For this file it shows SHA1:
But going into details the certificate looks like this:
I know SHA1 is an outdated algorithm but I’m not sure about this nested construction. Is this insecure? Which of the two parts matter, does it matter th… Continue reading .exe with Digital Signature, showing SHA1 but the Certificate is SHA384, is it secure?
Is it possible to generate a file with a given sha256sum checksum?
That is, reverse the process of a sha256sum checksum. That is, if we have a checksum, can we generate txt file data (need not be original) whose its checksum is equal to th… Continue reading Is it possible to generate a file with a given sha256sum checksum?
For a while I’ve been pondering a user authentication protocol that aims to ensure that a client does some computational work before the server will attempt to authenticate the password.
The reason for this is to remove some of the asymmet… Continue reading Using Proof of Work to slow down login attempts
I’ve made this PHP hashing function, what do you think, is it secure against different attacks? Like hashcat, side-channel, brute force…
The reason why I am searching for an algorithm besides tested and accepted alternatives like passwo… Continue reading Rate this hashing algorithm, is it secure? [closed]