IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [sha256]

SHA-256 is a hashing algorithm.

178 questions
6
votes
1 answer

Security of bcrypt/sha256 key used with AES to encrypt a file

I'm looking to encrypt files using secure hashing and encryption algorithms in Python. Having used bcrypt in the past, I decided to use it for my passphrase calculator, then pass the output through SHA256 in order to get my 32 bytes of data, then…
Naftuli Kay
  • 6,715
  • 9
  • 47
  • 75
6
votes
2 answers

Is it safe to use a Windows executable with expired SHA256 certificate but valid SHA1 certificate?

Microsoft's Media Creation Tool to create Windows 10 installation media has a SHA1 digital signature and a SHA256 digital signature (shown via file properties). However, the certificate for SHA256 signature shows "valid to" field as Saturday,…
user172148
  • 61
  • 2
6
votes
1 answer

Source for up-to-date GPU/ASIC hash performance?

I am looking for CPU, GPU and/or ASIC performance stats on hash performance. Specifically SHA256 and Argon2i. I've googled and only came up with very limited anecdotal evidence. Considering that this fast-changing field is so important for security…
mkoistinen
  • 161
  • 1
  • 3
5
votes
1 answer

How does combining SHA256 with RIPE-MD160 compare to SHA256 + SHA-3?

Bitcoin stores its addresses as a combined SHA256 + RIPE-MD160 hash. Is it correct to assume this is done to prevent a failure in the algorithm? Since SHA3 was designed to be an alternative to SHA256, and uses a completely different methodology,…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
5
votes
1 answer

NIST test vectors for HMAC-SHA-256

I'm working on an implementation of HMAC-SHA-256 in classic ASP (legacy code). I currently have it working, and the resulting values are correct compared to some test cases I came up with along with test cases found in RFC4231. Does NIST have…
nerdybeardo
  • 273
  • 2
  • 7
5
votes
2 answers

Is single iteration SHA-256 safe enough for hashing 128bit random number API keys?

I implemented this kind of authentication for my REST API, is this secure and is my logic sound? I am primarily curious about the SHA-256 hash & iterations = 1 aspect. I have omitted some details and explanations about the other aspects to keep this…
Janne Mattila
  • 153
  • 4
5
votes
3 answers

How can I find a SHA-256 hash with a given suffix using hashcat?

Recently we competed in the X-MAS 2019 CTF and many of the challenges included a proof of work (PoW) check to avoid Denial of Service (DoS) attacks against their servers. The most common was we were given a 6 character suffix and asked to find…
Kristopher Ives
  • 161
  • 1
  • 5
5
votes
1 answer

when should i use HMAC-based JWT?

I read a number of blog posts and found that it is tough to keep the secret-key a secret and if using a symmetric algorithm for JWT creation, the generator has the power to create as well as validate the JWT. This seems a place where it may be…
swayamraina
  • 151
  • 3
5
votes
1 answer

Is appending a salt before hash generation enough

I have what I think is a securely generated salt/hashing mechanism for HMAC authentication based on SHA256 in place. However, I'm using the salt in, from what I can see, a fairly standard way of just appending to the rest of the token before the…
DiskJunky
  • 165
  • 5
5
votes
2 answers

For high entropy credentials, is SHA256 hashing good enough?

Let's say I've got a database of high-entropy credentials (e.g. 256-bit random values) used as API keys by clients. I'd like to hash them in my database so that a database compromise doesn't allow an attacker to access my API with stolen…
Bosh
  • 223
  • 1
  • 5
4
votes
1 answer

Is there a benefit of using stateless JWT over SHA256 hash for API tokens?

Does it make sense to use stateless JWT (without persistent storage) over plain SHA256? Example scenario: User logs in User token generated as follows: a. JWT.encode(userId, 'secret') or b. SHA256(userId + 'secret') Client app sends request with…
SyBer
  • 143
  • 1
  • 5
4
votes
2 answers

which memory hard hashing algorithm can equalize low-computational and high-computational power devices to utilize blockchain in the IoT?

Recently IBM and Microsoft showed their interest (IBM post, Microsoft post) in utilizing bitcoin's blockchain for internet of things (IoT) development. Let's assume that in close future the blockchain technique to be implemented in smart cars…
Nur
  • 41
  • 3
4
votes
3 answers

Corporate PKI - SHA1 deprecation

Here is the context. Suppose you have a corporate PKI with : AC_Root (offline in safe store - SHA1 signature) SubRootA and SubrootB (offline in safe store - SHA1 signature) SubSubRootC, SubSubRootD, SubSubRootE... (online in HSM - SHA1…
crypto-learner
  • 697
  • 1
  • 7
  • 17
4
votes
2 answers

How to reasonably hash a composite key into a UUID?

The Problem In our system users are identified by a composite key. We'd like to devise a scheme to deterministically convert this composite key into a UUID. Solutions? The obvious first suggestion would be UUIDv5, however: It's based on SHA-1,…
Alex
  • 41
  • 1
  • 2
4
votes
2 answers

SHA256 instead of Rfc2898DeriveBytes

Is it enough to use this method with SHA256 or it is better to use Rfc2898DeriveBytes (which orginally uses SHA1)? public static byte[] ComputeHash(byte[] data, byte[] salt, int iterations) { if (data == null) throw new…
Maxim
  • 183
  • 1
  • 7
1 2
3
11 12