Collaborate Disseminate
I want to hash passwords for security, but strong bcrypt by nature eat up a bit of resources of the server. So I was thinking to do the encryption on the client side. This would prevent the password from being known in the case the off cha… Continue reading Is client-side bcrypt sent over tls + server-side sha hmac secure for password storage?
So delving into securing server and not quite understanding how I broke the ability to rdp into my server (using xfreerdp). I disabled MD5 as an available hash and enabled SHA. The exact changes in the registry I made were to:
HKLM\System\… Continue reading Disabled MD5 and enabled SHA under SCHANNEL/Hashes in registry. xfreerdp fails with an ssl i/o error
We regularly use 10000 iterations of SHA256 for hashing passwords.
If we want to have similar security, how many rounds/work factor should we use when hashing passwords with bcrypt?
Continue reading How many rounds of Bcrypt to use for security equivalent to SHA256?
I have bunch of cat images whose names are sha1 of website where it was posted.
Here is an example: 3afec3b4765f8f0a07b78f98c07b83f013567a0a.jpg
website: http://www.example.com/image.jpg
If sha1 is simple/dumb function i.e. hash = sha1(‘te… Continue reading Why can’t we produce original text from sha1 if there is no random salt attached
Given the following situation:
User makes a request for temporary access to a video
Backend responds with a json file containing timeAllowedInSeconds: 5
Backend also responds with the signature of the json, a 40-character hexadecimal stri… Continue reading How hard is to reverse engineer a signature for a given message?
PHP (and by extension WordPress) only supports MySQL native & sha256 password authentication.
MariaDB Server only supports MySQL native & ed25519 password authentication.
Since MySQL native password authentication uses SHA-1 and is… Continue reading Is MariaDB Server obsolete for PHP and WordPress projects?
When it comes to hashing passwords, it is nowadays practice to do 100’000 or 200’000 iterations of SHA256/SHA512, or at least something in that ballpark.
But my question is, why is it not safe enough to just do a very small but unusual num… Continue reading Why not just use a small but unusual number of hashing rounds?
John the Ripper is unable to crack my SHA1 hashed password:
john –wordlist=rockyou.txt testing.txt
Whenever I do this in Kali Linux, I get this response:
Loaded 1 password hash (Raw-SHA1 [SHA1 256/256 AVX2 8x]) Warning: no OpenMP support… Continue reading John the Ripper is unable to crack my SHA1 hashed password
I have been researching SHA and its applications. While many SHA algorithms exist they can be categorized into three groups SHA, SHA-1, SHA-2, and SHA-3. SHA through SHA-2 is based on the Merkle–Damgård construction which I presume has a c… Continue reading What are the different ways of finding collisions in SHA?
The following hash is assumed to be a SHA1 hash (guessing from the sha1 prefix)
sha1$3308f$12d8b6b479558ff120b01c324537f30c73f31478
However I am unable to understand why are there two $ symbols in the hash. Do they signify salting? If yes … Continue reading SHA1 hash confusion