Questions tagged [sha256]

SHA-256 is a hashing algorithm.

178 questions
15 votes, 3 answers

With ASIC bitcoin miners, should SHA256 be considered insecure for password hashing?

I'm sure everyone here has seen the rise and further rise of bitcoin. The process used for mining bitcoin is basically "let's brute force an SHA256 hash that is less than this amount". That being said, it seems to really be getting popular. Now…
Earlz
14 votes, 13 answers

Couldn't we create a string that produces the same hash as another string in SHA-256?

Let's say we have a separate hashing algorithm called s2 and it would convert Hello into dug84nd8. If we could take the algorithm and just reverse engineer it to generate a string like 8GN492MD that would also output dug84nd8, wouldn't it say that…
xyper
14 votes, 2 answers

Base64 encoding of a SHA256 hash

I'm currently reading up on JWTs and have written something to create them. When I created my JWT I noticed that my signature was not being encoded properly. For instance, given the…
etchesketch
12 votes, 4 answers

What are the pros and cons of using sha256 to hash a password before passing it to bcrypt?

I recently became aware of the fact that bcrypt truncates passwords to 72 characters. Practically speaking my intuition is that this does not pose any major security problems. However, I understand that it does mean any software libraries that use…
Dan Tao
12 votes, 3 answers

What does GUID have, that a Whirlpool, MD5 or SHA-2 hash don't?

I'm trying to understand the use of GUID and what has always left me wondering is what's so special about them that I should consider using them instead of rolling my own type of unique ID. In other words, why can't I use a Whirlpool hash like:…
dendini
10 votes, 1 answer

Does 7-Zip really run multiple rounds of SHA-256 when key stretching?

Recently I was testing whether I could make 7-Zip archives more bruteforce-resistant. Both someone on Wikipedia and @kelalaka on this website make the following claim: The 7z format supports encryption with the AES algorithm with a 256-bit key. The…
d33tah
10 votes, 4 answers

SHA & MD5 Collisions for shorter strings

This is not for passwords. I understand that MD5 and SHA-512, etc... are insecure because they can have collisions. However, is it still possible to have a collision if the string length is less than the hash size (i.e. MD5 is a 32 character hash)?…
Seth Knorr
10 votes, 2 answers

Why is SHA-256 not good for passwords?

I've just started learning about all of this and I can't really find an answer for that anywhere, namely why is SHA-256 not used for passwords? I found that the reason is that normal SHA-256 is a fast function, and it's better to use slower…
Wiktor
9 votes, 2 answers

Do I REALLY need to change my LastPass password?

Last weekend LastPass' network was compromised and a list of email addresses along with the hashes of the master passwords was stolen. It is being recommended that LastPass users change their passwords on several security websites. …
cuengi8
9 votes, 7 answers

How likely is a collision using MD5 compared to SHA256 (for checking file integrity)?

Many sites these days offer MD5 and SHA256 hashes to check the integrity of downloaded files or archives. I wonder how much safer is the use of the SHA256 hashes for integrity checks? Note: Consider the file content as random input (no…
Marcel
8 votes, 2 answers

Is SHA-256 + Salt still safe for password storage?

I am developing a website which requires users to register to it in order to use its functions and I was wondering if SHA-256 + salt (random salt provided by RNGCryptoServiceProvider in C#) is secure and good enough to use in 2017?
Itay080
8 votes, 1 answer

Is using "SHA-256 with RSA-2048 Encryption" a secure certificate hashing algorithm?

Is using "SHA-256 with RSA-2048 Encryption" a secure certificate hashing algorithm? I don't think it is. Two examples: nsa.gov [careers site] give.wfp.org
noɥʇʎԀʎzɐɹƆ
7 votes, 1 answer

Is PBKDF2 only SHA1 in C#?

I can't find a way of specifying the hashing algorithm used by the PBKDF2 (the Rfc2898DeriveBytes class) implementation in C# System.Security.Cryptography. It seems to be just SHA1. Am I missing something? I was hoping to use PBKDF2-SHA256.
Foo Party
7 votes, 3 answers

Hashing a large file on an embedded system

I'm trying to come up with a way to verify the authenticity of a file that I'm downloading from a server to an embedded system. I'm thinking of using a hash (SHA256 preferably). My main concern is that the file size might be too large to load it…
rorschach
7 votes, 1 answer

Is BCrypt enough when saving a password into a database?

In order to allow users to connect to my website, I encrypt their password using BCrypt since it is one of the slowest algorithms to decrypt (making a compromised database longer to be decrypted). But I was wondering if that was enough -- or if…
Cyril N.