Collaborate Disseminate
Okta released a security advisory 4 days ago, stating that accounts with username longer than 52 characters can login with arbitrary password under specific conditions.
Some people in X/Twitter suspect that Okta use userid + username + pas… Continue reading Revisiting: Pre-hash password before applying bcrypt to avoid restricting password length
I have setup an AlmaLinux9 server with SSHD. I have also generated a priv+pub key on my workstation, and when I check the algorithm used by my key it shows:
ssh-keygen -l -f myprivatekey.pem
2048 SHA256:p8qjW7xUG6CrB7I0edKIGoQarzHtTgqoHf7… Continue reading What encryption algorithm is putty using?
I’m working on a Bluetooth Low Energy lock system and have implemented a challenge-response authentication flow for secure communication between the lock (an ESP32 device) and the user’s phone. I’m very new to these technologies, and was w… Continue reading BLE Challenge-Response Authentication Using Pre-Shared Key and SHA-256
I’m working on a Bluetooth Low Energy lock system and have implemented a challenge-response authentication flow for secure communication between the lock (an ESP32 device) and the user’s phone. I’m very new to these technologies, and was w… Continue reading BLE Challenge-Response Authentication Using Pre-Shared Key and SHA-256
I use linux and tend to distro hop a lot. I’ve noticed often that the distributions offer that you verify the download with a sha256sum hash and a GPG key.
My understanding is that a file, e.g. a linux .iso file will have an (almost) uniqu… Continue reading What is the point of a gpg file alongside the hash of a Linux ISO download? [duplicate]
Is there any example for data that has the same sha256sum value?
Or is it impossible to find out with current computational power?
Continue reading example for 2 data with same sha256 sum [migrated]
My antivirus detected some malware in my browser cache while just browsing a webpage. The file was quarantined and I deleted it, however it looked like JavaScript.
As I had deleted the file and had nothing to upload, I decided to put the U… Continue reading Virus-Total URL Scan vs SHA-256 Analysis?
I just ran into something strange IMO.
I created a RSA Key using nodejs cryptoutils to use with my JWT auth server.
What I observer using jwt.io was the following:
The last letter of the signature can be changed, and the jwt is still consi… Continue reading JWT – Able to change signature and its still verified?
Background: At my place of work, we’re trying to block all unapproved browsers on all Windows machines and the IT Security guys did a search on our internal infrastructure and came up with a list of all the hash values of the installed Ver… Continue reading Does a database with pre-calculated SHA256 values exist for Windows EXEs?
I found that one of our programs uses an sha256 implementation, that produces different hashes for same inputs, compared to standard libraries (in this case compared to node:crypto and Web Crypto API.
The hashes are different for character… Continue reading Implications of SHA256 implementation producing false / unexpected hashes