Collaborate Disseminate
I am currently learning about cybersecurity and trying to implement it in my next web application.
I have been reading some articles about hashing, specifically SHA2 and Blowfish.
In this article, it is recommended to add a hard-coded salt… Continue reading Is it a good practice to add hard-coded salt to BCrypt passwords?
This is a sha1 hash. I tried to use John to crack it but it never succeeded. Is my operation wrong?
197DA5234A66247E01348CBAB00BA3035E11C415
I’m quite new to the security topic and encryption.
Our software has to comply with FIPS 140-2. I have the following method (C#).
In this case, the algorithm is AES256.
What concerns me, is that we use SHA1 to hash the key. It is acceptabl… Continue reading FIPS 140-2 compliance implementation
Ofrece servicios de emisión de certificados para firma electrónica, es una obligación para pago de impuestos.
El usuario común no conoce la tecnología detrás, pero percibe la velocidad de respuesta.
Entonces, cómo elegir el tamaño adecuado… Continue reading Qué longitud de certificado es más seguro y fácil de manejar, 2048, 3072 ó 4096 para usuarios no expertos?
I’m a developer of a mobile Android app. In my app, I’ve implemented code that reports the SHA-1 certificate fingerprint (implemented in Java code, as described in this post), in this way we can tell which users are using the real (Google … Continue reading Can a hacker resign an APK and keep the same certificate fingerprint
How do I acquire the means to prove in the future that I had possission of a
file now, without relying on the integrity of a single entity? (I believe one
way of doing it would be to put the file through SHA1, and send a minimal
amount of… Continue reading Proving that a file existed at a time
I want to implement TOTP in the same manner as RFC 6238 (https://www.rfc-editor.org/info/rfc6238), but keccak instead of SHA-1.
Keccak follows sponge function with the data rate r and the capacity c.
For lightweight version, the combinatio… Continue reading Security concern for TOTP using keccak?
Maybe it’s not a good idea, but I would like to check it with you.
When using HMAC SHA to hash a clear text value (string max 30 char) I need to use a key (256) but in my scenario this key is static and always the same each time I need to … Continue reading HMAC SHA256 by using a static key + text as a key
I am building up a PKI and have 2 different chains of trust used for TLS Certificates.
1st Chain:
SHA1-Root / 2048 RSA Key ( provided by CA )
–> SHA256-Intermediate / 2048 Key ( mine )
—-> End Certificate
2nd Chain:
SHA256-Root / … Continue reading Any harm in having a SHA-384 and 3072-Key for an intermediate Certificate?
I have a SSHA256 hashed password. Below is the plaintext and hashed password for it.
PlainText -p@ssw0rd
Encrypted -{SSHA256}LGkJJV6e7wPDKEr3BKSg0K0XDllewz9tvSNSaslDmIfPFmyuI5blUK/QsTXjvgFKLlMQm1jPC7K7z/KaD4zoHQ==
How can I extract salt f… Continue reading How can I extract salt from encoded base64 Salted SHA 256 hashed password