SHA 1 with RSA for ssl certificate
Hi using SHA 1 with RSA encryption for ssl certificate is secure? As i know, sha 1 is not secure, but if we use RSA with sha1, still it will be an issue? Please suggest if any security issues exist.
Category Archives: sha
How to increase the time for an offline password attack
I am trying to answer a CASP exam practice question.
Could someone comment on the options below regarding the logic behind each item? Where is the logical error behind each statement?
A Storage-as-a-Service company impl… Continue reading How to increase the time for an offline password attack
Disabling SHA-1 in TLS handshake in Linux
As SHA-1 is not recommended, I want to disable the SHA-1 hash algorithm. I used OpenSSL API to set signature algorithm to SSL_CTX,
static INT32 signAlgoList[24] = { NID_sha512, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_DSA, NID_sha… Continue reading Disabling SHA-1 in TLS handshake in Linux
Security of weak hashing algorithms if message size is fixed
We are in the process of choosing a hashing algorithm for file verification. As some of our files are large (up to 1 GB), performance of the algorithm is a high priority. Initial testing of certain algorithms from fastest to … Continue reading Security of weak hashing algorithms if message size is fixed
Are mkpasswd SHA512 hashes secure for the public?
I am no crypto expert in any way so please bear with me if my question is kind of stupid.
We use OpenSSH key pairs on a regular basis and due to the asymmetric nature of key pairs, as far as I understood the concept, giving … Continue reading Are mkpasswd SHA512 hashes secure for the public?
Why aren’t collisions important with HMAC?
SHA-1 is broken because collisions can be found in substantially fewer hash operations than naive brute-force would suggest. HMAC-SHA1 is fine, however, because for HMAC “collisions aren’t important.”
Why aren’t collisions … Continue reading Why aren’t collisions important with HMAC?
How to reverse engineer password from /etc/shadow
I failed to answer a question in a CaptureTheFlag event, and the the question still bugs me. I want to share the question here and please help me if you know the solution.
Question:
You have the shadow file form a linux mach… Continue reading How to reverse engineer password from /etc/shadow
Cipher Question: Is SHA SHA1? SHA0?
There is so little info and so much confusion out there; People often equate SHA2 as being SHA256; so then would SHA be 160 bit? AKA SHA1? Is SHA depreciated like SHA1? Are they the same thing? What is the difference? Does a … Continue reading Cipher Question: Is SHA SHA1? SHA0?
How secure is BCRYPT(SHA1(Password)) [duplicate]
This question is a fork from a previous question here:
Is it safe/wise to store a salt in the same field as the hashed password?
Assume you run a web portal, and store passwords in SHA1 hashes. How do you upgrade this to BCRYPT hashes ins… Continue reading How secure is BCRYPT(SHA1(Password)) [duplicate]
Dictionary Attack on SHA1 hashes [on hold]
I have list of SHA1 hashes and a password list. And I want to perform a Dictionary Attack on these hashes. Can you please help me write a code for this in C or Python? I do not have much experience in coding, so it would be o… Continue reading Dictionary Attack on SHA1 hashes [on hold]