
Questions tagged [sha-1]

SHA-1 is a hash function that is two generations old. It is no longer considered secure for all uses and should only be used for backward compatibility.

0 votes
1 answer
100 views

I came across some code in 7zip of 2009 that uses srand() to generate random bytes required for ZIP encryption header, like this: ...
Candy • 3
11 votes
2 answers
4k views

The Linux kernel /dev/(u)random and getrandom(2) system call all use the same CSPRNG, which was originally based on MD5, then SHA-1, and now ChaCha20 since Linux 4.8. If I use an older version of the ...
juhist • 1,643
1 vote
2 answers
277 views

HMAC-SHA1-96 is performed in AH of IPSec, to have data authentication and integrity. I don't understand why I need to pad message M to a multiple of 160 bit, which is the output length of SHA1. Why is ...
allexj • 163
1 vote
1 answer
188 views

The idea is to authenticate the TLS peer by verification of the SHA-1 hash of his public key (aka SKI). So Alice meets Bob in person and they exchange SKIs of their public keys. When later they ...
Alex • 11
0 votes
0 answers
87 views

Given a hash cipher f(sha1($pepper . $plaintext)) where: f is some transformation to an 11-byte string; pepper is 24 bytes long with a character space of 62 (and is ...
Carmina Martin
1 vote
2 answers
78 views

I have an implementation of PBKDF2, which I know: has two bytes of '=' at the end of the input; has an input length of 24 (which is a Base64 encoded character representation of 16 bytes of entropy) ...
Evan Carroll
0 votes
0 answers
59 views

In this question on sha1(known_prefix + user_input + backend_secret), an answer states that it is realistically possible to find the first few bytes of ...
wjwrpoyob • 101
1 vote
1 answer
935 views

Assuming there is a web service that returns the following to an unauthenticated user: SHA-1(known_prefix + user_input + backend_secret) where ...
dan-ros • 113
3 votes
0 answers
137 views

After tinkering with cryptographic hash functions, I started wondering if they do have counterpart functions that would imitate their cryptographic properties but with a lower level of strength in ...
Ryan B. • 153
6 votes
1 answer
3k views

We know that SHA-1 is susceptible to collision attacks, but what about pre-image attacks such as poisoning torrents?
Hormoz • 829
1 vote
0 answers
571 views

I'm going to guess the latter, but just wanted to ask here. I want to have a relatively short signature, and my goal is to take a substring of the resulting hash.
Gregory Magarshak
1 vote
1 answer
2k views

Assume I create a hash using SHA-256 and then take only the first 160 bits of the hash, as the result. Is the result more cryptographically secured than SHA-1? Or are the two algorithms equally secure ...
Aviv Aviv • 113
0 votes
1 answer
152 views

Not sure about the security implications of making HMAC SHA1 message and corresponding hash public (secret would remain… secret)? Evaluating if that would help an attacker crack algorithm.
sunknudsen
1 vote
1 answer
3k views

Contemplating using YubiKey’s challenge-response feature to hash public passphrases. By public, I mean an attacker could potentially exfiltrate passphrases but, not having YubiKey*, passphrases would ...
sunknudsen
1 vote
1 answer
339 views

As some password managers, such as KeePassXC, allow a user to create a master password using a HMAC response from a YubiKey concatenated with a password entered by user, I was wondering something. ...
romes • 11
