All Questions
29 questions
15
votes
6
answers
9k
views
Is it possible to generate a file with a given sha256sum checksum?
Is it possible to generate a file with a given sha256sum checksum?
That is, reverse the process of a sha256sum checksum. That is, if we have a checksum, can we generate txt file data (need not be ...
- 223
4
votes
1
answer
1k
views
What is the math behind iterations in PBKDF2-SHA256 for lastpass users?
I am looking for a technical estimate of how bad the situation is regarding the recent hack of lastpass. The hack was covered by several outlets: Naked Security, Ars Technica.
Lastpass has admitted ...
- 143
2
votes
3
answers
8k
views
How can I extract salt from encoded base64 Salted SHA 256 hashed password
I have a SSHA256 hashed password. Below is the plaintext and hashed password for it.
PlainText -p@ssw0rd
Encrypted -{SSHA256}LGkJJV6e7wPDKEr3BKSg0K0XDllewz9tvSNSaslDmIfPFmyuI5blUK/...
- 125
10
votes
4
answers
8k
views
SHA & MD5 Collisions for shorter strings
This is not for passwords. I understand that MD5 and SHA-512, etc... are insecure because they can have collisions.
However, is it still possible to have a collision if the string length is less than ...
- 109
0
votes
3
answers
2k
views
Different SHA256 checksum of same version of ssh binary on different machines
I was wondering if I compare SHA-256 of two binaries with same version on different machines, results will be two identical checksums.
I tried this on ssh on macOS (Catalina). (I checked that ssh -V ...
- 1
1
vote
1
answer
546
views
Does it increase security to hash a SHA1 hash with a common salt with SHA256 with individual salt [duplicate]
I tried to find a similar question but I did not find a question describing my exact scenario and I am still puzzled if the following actually makes an application more secure.
I have legacy ...
1
vote
3
answers
2k
views
Which function to hash 128 bit API key with?
I'm generating 128 bit API keys. AFAIK 128 is totally secure for generated key. In the DB I want to store hashes, not the plain text (to be protected against DB leak), but what hashing algorithm ...
- 299
2
votes
1
answer
6k
views
HMAC-SHA256 for JWT Token Signature
I am currently working at a company in which we have the need to design a token based authentication system. We will be the owners and controlers of two servers, one being the authentication server ...
- 2,751
0
votes
2
answers
538
views
Inconsistency Among MD5, SHA1, and SHA256 Hashing Protocols
There appears to be an inconsistency (or unpublished protocol) in many online hash generators when formulating a hash from an uploaded text file, versus strictly hashing the contents of a file. This ...
- 103
1
vote
1
answer
1k
views
SHA256 for IV for AES-256 CBC?
When making an IV for AES-256 CBC mode the IV should be random and shouldn't be able to be guessed.
If I were to use the rand() function in C, seeded with time(NULL) to generate sim random numbers ...
- 111
-1
votes
2
answers
3k
views
How can I make a program to verify file integrity? [closed]
How to make a program that calculates a checksum of a file? What is the exact process of calculating a checksum?
5
votes
2
answers
6k
views
How to reasonably hash a composite key into a UUID?
The Problem
In our system users are identified by a composite key. We'd like to devise a scheme to deterministically convert this composite key into a UUID.
Solutions?
The obvious first suggestion ...
- 51
2
votes
2
answers
9k
views
How does this site decrypt SHA256 hashes? [duplicate]
I thought sha256 is impossible to crack (so far).
But I saw a website, that could decrypt my hash.
So is this because they store known hastes in a database or
do they really decrypt hashes?
Here's an ...
- 53
1
vote
2
answers
365
views
How can we retire SHA1 in prefernce to SHA256 or SHA-3?
According to http://www.pcworld.com/article/3174676/security/sha-1-collision-can-break-svn-code-repositories.html and https://www.theregister.co.uk/2017/02/23/google_first_sha1_collision/ you could ...
- 151
0
votes
2
answers
459
views
What are the implications of reversing hashes
Today it was posited to me that
sha256 has a domain large enough to never encounter a collision and
that because it is such a large domain and given that a reverse function was created for it, that ...
- 101
3
votes
2
answers
622
views
Checking a locally stored string for tamper
I'm working on a multiplayer game using WebSockets. I've decided all user data will be stored on the client, eliminating the need for authentication using passwords etc.
LocalStorage
'save' -> '{"...
- 133
4
votes
4
answers
15k
views
Convert SHA-256 to SHA-1 and MD5 - Increase bit length/entropy? [duplicate]
I know this is a real dumb question and I am certainly talking complete rubbish, but let me explain:
We have a long SHA-256 hash, e.g.: ...
- 1,257
23
votes
9
answers
30k
views
Deprecation of SHA1 code signing certificates on Windows
EDIT (7/7/2016) - see addition at the end of post
I have been keenly following the issues with regards to Microsoft deprecating the use of SHA1 code-signing certificates for Windows executables (http:...
- 331
0
votes
1
answer
999
views
Can SHA1 certificate be used for SHA256 cipher?
I have two Windows 2008 R2 domain controllers configured with TLS 1.2. Both certificates are SHA1-RSA. I captured network traffic between two DCs while running LDAPS (LDP.EXE). It seems TLS 1.2 was ...
- 1
1
vote
2
answers
355
views
Is this explanation about how SSL Certificate Signatures work correct?
I was reviewing some information about SSL certificates and came across an explanation I believe to be incorrect.
The explanation is of how signatures and hashing algorithms work in the context of ...
- 108
3
votes
1
answer
12k
views
Creating an TLS certificate using keytool with SHA-256
I want to create a TLS certificate for my personal tomcat8 webserver on a Debian ARM server. I've done this before, using the following command:
/usr/bin/keytool -genkey -alias tomcat -keyalg RSA -...
- 7,569
27
votes
7
answers
4k
views
Is sha1sum still secure for downloadable software packages signature?
We use sha1sum to calculate SHA-1 hash value of our packages.
Clarification about the usage:
We distribute some software packages, and we want users to be able to check that what they downloaded is ...
- 1,479
2
votes
2
answers
7k
views
which hashing algorithm is better to use to store a password, sha256 or sha512? [duplicate]
which hashing algorithm is better to use to store a password, sha256 or sha512?
I know that sha512 is more secure than sha256 but I was wondering if it has some disadvantages or it is completely ...
- 459
2
votes
1
answer
311
views
Issue regarding installation of SHA256 scertificate
Can anyone help me with the installation of SHA256 certificate? I have generated the certificate perfectly but there seems to be an error below:
Kindly let me know why am getting the exclamation mark ...
95
votes
2
answers
85k
views
What is the relationship between "SHA-2" and "SHA-256"
I'm confused on the difference between SHA-2 and SHA-256 and often hear them used interchangeably (which seems really wrong). I think SHA-2 a "family" of hash algorithms and SHA-256 a specific ...
- 3,498
2
votes
1
answer
190
views
In DNSSec, are Delegation Signer Records always SHA-1?
I'm creating a RSA/SHA-512 Zone Signing Key and Key Signing Key at Dynect Managed DNS (corporate offering)
The Delegation Signer Record that was created is SHA1. Should I be concerned about this?
- 51.1k
2
votes
1
answer
2k
views
Reversing a block hash of SHA-1 with known Plaintext?
Is it possible to reverse the hashing of a block in a Datastream fed to an SHA1 if the plaintext for that block is known? If it is not possible (which I assume) does it make attacks to retrieve the ...
- 123
15
votes
3
answers
15k
views
With ASIC bitcoin miners, should SHA256 be considered insecure for password hashing?
I'm sure everyone here has seen the rise and further rise of bitcoin. The process used for mining bitcoin is basically "let's brute force an SHA256 hash that is less than this amount"
That being ...
- 614
12
votes
3
answers
13k
views
What does GUID have, that a Whirlpool, MD5 or SHA-2 hash don't?
I'm trying to understand the use of GUID and what has always left me wondering is what's so special about them that I should consider using them instead of rolling my own type of unique ID. In other ...
- 770