Questions tagged [hash]

A hash algorithm is a function which takes a variable size input and produces a fixed size output. The algorithm tries to make it difficult to predict the output for a given input, find two inputs with the same output, or reconstruct the input from the output.

2201 questions
1 vote, 1 answer

Password hashing on both client and server : what are the risks concerning hash composition (collisions and reversing)?

There are plenty of questions addressing the "client / server : where to hash ?", but I have not found anything about my particular question : considering a server_salted_hash(client_salted_hash(password)), using HTTPS, what are the risks concerning…
hl037_
1 vote, 0 answers

Help figuring out this hash function

I have a tough nut to crack. I'm working on hashing passwords for our network switches (because the alternative is plain-text passwords...). For people who would care about this: it's a Huawei switch. The easy part first. If I give Test1234 as…
Xabre
1 vote, 1 answer

preimage resistance

I'm struggling to get a clear understanding of second preimage resistance and collision resistance. Research on the internet yielded the following definitions: Second pre-image resistance: Given an input m1, it should be difficult to find a different…
Fang
1 vote, 0 answers

Rotating session names vs a static session name with a rotating validation string

I'm building my own session management library in the Go programming language and I had an interesting idea to save memory. I created something called an overseer that looks for expired and abandoned sessions and wipes them from memory. The only…
1 vote, 1 answer

How to support search of data under PCI-DSS?

Suppose that the data in question is a card PAN. According to PCI-DSS, you have to store it with extra security (encrypt it before storing in database and store the secret key elsewhere with more restricted access). But what if you had to support…
Info Sec
1 vote, 1 answer

Bots trying to spoof encoded email links, but why?

I've set up an application for my client that sends lists of job vacancies to subscribers every Monday morning. The emails use a custom link redirector service, to make the links email friendly, and to count clicks etc. This redirector uses a hashed…
user1751825
1 vote, 0 answers

How to mask attack a sha256 hash with following information using hashcat?

I am a hashcat newbie and I want to crack a hash :) The answer is 1-15 (unknown) characters and it may contain 'a-z' 'A-Z' '0-9' and '_'. (A Twitter username) How may I mask attack a hash with the above information using hashcat? The brute force (below)…
user189730
1 vote, 2 answers

Does a File's Checksum Change after it is Digitally Signed?

From my understanding, when you digitally sign a file, it changes that file's checksum because they are bundled together. Example of what I mean: file1.txt only contains the letter 'd' and the crc32 checksum of this file is 98dd4acc. However, I…
user186693
1 vote, 1 answer

Should API Secrets used for simple authentication be hashed in the database?

There was a similar question which I found which was asked the better half of a decade ago "Is it okay for API secret to be stored in plain text or decrypt-able?", but the majority of answers seem to revolve around API security schemes where the…
William Dunne
1 vote, 0 answers

Increase password iterations?

Is it possible to strengthen the macOS login password by increasing the number of sha-512 iterations?
user189410
1 vote, 1 answer

Ensuring key integrity

I have an encrypted AES key stored in the database with the encrypted data. The AES key is encrypted with a key derived from the passphrase. I want to ensure the integrity of the stored AES key. Is the checksum (SHA-256) of the plain key all I need or is…
Tuomas Toivonen
1 vote, 1 answer

How do Field Programmable Gate Arrays (FPGAs) compare to Graphics Processing Units (GPUs); for cracking hashes?

As a general rule, GPUs are more effective than CPUs when it comes to performing acutely repetitive tasks, like iterating over lists and generating permutations of a set (i.e. exhausting dictionaries & keysets), in order to crack a hash. Obviously,…
voices
1 vote, 1 answer

If someone has a hashed password, how long till they decrypt it?

Earlier my friend suggested that we have a race to see who could decrypt a hashed password first. I want to do it but I don't want it to be an all month thing. I know when passwords are hashed they can't be unhashed but if someone were to have the…
EvilBmo
1 vote, 1 answer

Same content different hash?

So I made a txt file using notepad and made a hash of it: SHA1: 701B6FAD6530C61528F9C11F024A9434B3C42D65 then I edited that file and took the hash again: SHA1: 97A1D0B1A8BBEE639BADF4A54CEC1C83284ED1CF then I reverted a change: SHA1:…
Aibek
1 vote, 5 answers

making an iPhone/Android app which sends a user password to my server, how to secure?

I'm making an iPhone/Android app for my website, users already have an account on the website and the app will allow them to login. I don't have SSL on my website, but it's just a reviews website and no private data is transmitted, nevertheless, on…
fiftyeight