1,071 questions
1
vote
1
answer
178
views
Why is my salted SHA-512 hashing code not matching Excel's?
I am attempting to replicate the hashing the Excel does when a sheet is password-protected in Python, but am not matching even when testing on dummy inputs. From the xml file, I am seeing this:
...
- 13
1
vote
1
answer
107
views
How to verify user password with HMACSHA512?
I'm trying to write a method to verify a user's password which has been generated using HMACSHA512. The method receives the password to verify along with the original password hash and salt which have ...
- 1,882
0
votes
0
answers
71
views
Is there a way to specify a salt in dart/flutter so I can use wordpress' salt?
I have a wordpress website. I am making a flutter/dart app.
I need to process logins, resetting of passwords, and sending of emails. I want to make sure this is secure.
I have had issues using the ...
1
vote
2
answers
454
views
MySQL - How to generate a hashing password with salt in caching_sha2_password format
In MySQL 5.7, I used to create a hashing password in Ruby by
def generate_mysql_password(plaintext_password)
digest = OpenSSL::Digest.new('sha1', OpenSSL::Digest.new('sha1', plaintext_password)....
- 17
2
votes
1
answer
110
views
Does FusionAuth use a random salt for each password in Salted PBKDF2 HMAC SHA-256?
I am trying to find if FusionAuth uses a random salt for hashing algorithm in Salted PBKDF2 HMAC SHA-256
- 151
0
votes
2
answers
2k
views
If an Hacker get salt and our hashed password from a database, why can't he hack the password? [duplicate]
They say salting a password and then hashing it will be far more secure. We all Know that passwords are salted and then hashed, eventually get stored in databases.
During Data breaches a hacker can ...
- 21
0
votes
2
answers
157
views
data and salt required : hashSync
i'm trying to hash the password inside the ueserRouter with hashSync to create a signup
the error: data and salt are required
if someone can help how can i declare data and salt in this function
the ...
0
votes
1
answer
186
views
In CakePHP, Is there a safer way to store secrets in database.php and core.php?
In CakePHP, database connection strings, salt, and encryption keys are stored in plain text. If someone physically steals the webserver, they can obtain access to the database that may be on the same ...
0
votes
1
answer
873
views
how password_verify() function actually works in PHP [duplicate]
I am wondering about how password_verify() verifies the hash, I have reviewed the documentation and many answers in StackOverflow, but I didn't get the idea
because, as I understood, this function ...
- 2,921
0
votes
1
answer
33
views
Design principles for signing REST content using signParams and signature
I am trying to recreate the behavior of an app to become an integration in Home Assistant. I am able authenticate and communicate with the server using HTTPS, but for certain endpoints - the server ...
- 1
1
vote
1
answer
1k
views
Is it possible to encrypt (not hash!) and use a salt?
I am encrypting objects using Node.js native crypto methods like createCipherIv.
const algorithm = "aes256";
const inputEncoding = "utf8";
const outputEncoding = "hex";
...
- 342
0
votes
1
answer
671
views
Converting AES decryption function from Java to Flutter
I have been trying to convert an AES decryption function from Java to Dart.
It uses AES with, IV and salt. No padding operations are performed.
This is the Java code:
public byte[] Decrypt(byte[] ...
- 101
0
votes
2
answers
1k
views
Can't Verify Hash Password in C#
In C# language, my purpose is to hash password with hash_password(), then verify it with verify() methods. I hash and salt for password 's3cr3t', then check for two examples and return true if ...
-1
votes
1
answer
794
views
Is Argon2 better than salted hashing algorithm?
I already know that slow-hashing functions are good for storing passwords as it is very time consuming to crack them. And we know that Argon2 is a slow algorithm, and not only that, but Argon2 ...
- 67
5
votes
1
answer
2k
views
How is a password checked against a hashed and salted password?
If a user creates a new password and this goes through a hash algorithm and is stored in the database, it can then be matched up with the user's entered password when they log in. The password entered ...
- 1,167
0
votes
1
answer
128
views
Hashing gives different result
I am using Python and MySql to handle user authentication. I have added the users thru python with the exact same method, but when I try to do the "login"/authentication it does not match.
...
- 43
-1
votes
1
answer
69
views
PEPPER in a backend Flask app throwing KeyError: 'PEPPER'
We are doing a small backend project and the mate who developed the backend is not working with us anymore. We are stuck with this now, I understand this is related to security related? Trying to host ...
- 307
0
votes
1
answer
2k
views
Invalid salt error when comparing plain text and hash with bcrypt
I'm trying to compare a saved hash and a user input in python using bcrypt. My code:
while passnotcorrect == True:
password = input("Enter password: ")
password = ...
- 1,212
0
votes
0
answers
420
views
I want to encrypt an entire password column in a table on a mysql database, using the salted hash method or aes encrypt method, how do i go about it?
That is the image above, i need the final piece to complete the project. Can anyone help me with the code to encrypt the entire password column, using aes_encrypt method or salted hash method?
I tried ...
1
vote
1
answer
521
views
How can we generate Random Salt of 32 bytes in Rhino JS
I am trying to generate a random salt of 32 bytes size. But my JS engine Rhino 1.7.13 doesn't support SecureRandom class.
Below is the code snippet of the same.
function getSalt() {
var random = ...
- 776
0
votes
0
answers
253
views
Problems with the NanoSalt library [PHP]
I'm trying to setup the NanoSalt library on XAMPP with PHP 8.1
It return to me this error:
Fatal error: Uncaught Error: Class "MikeRow\Salt\Exception" not found in C:\xampp\htdocs\Peppe\...
- 21
0
votes
2
answers
836
views
How to test HashPassword in WordPress?
I want to test (unit testing) HashPassword($password) method from WordPress.
How I can check that HashPassword("123123") will return the correct hash for it?
For example, I want to do ...
- 111
0
votes
1
answer
358
views
newbie question : Apache Shiro recover password
I have little experience with encryption / decryption..
for my web app I want to use Apache Shiro to login user, with salted password ..
this is the article I read : http://shiro.apache.org/realm.html#...
- 407
0
votes
1
answer
251
views
Missing salt: Why is the salt not complete after using hashpw (bcrypt)?
While making a save password we can use a salt for hashing. This is done with the bcrypt package but the hashed password does not contain the full salt text. See here:
library("bcrypt")
...
user11538509
1
vote
0
answers
148
views
What stops an attacker from extracting the salt from a BCrypt hashed password?
My understanding from my initial reading of how BCrypt hashes passwords is that it:
takes the raw string
hashes it using a random salt
appends that salt to the end of the hash (https://stackoverflow....
- 1,140