Linked Questions
15 questions linked to/from Why improvising your own Hash function out of existing hash functions is so bad
4 votes
4 answers
16k views
Convert SHA-256 to SHA-1 and MD5 - Increase bit length/entropy? [duplicate]
I know this is a real dumb question and I am certainly talking complete rubbish, but let me explain: We have a long SHA-256 hash, e.g.: ...
1 vote
3 answers
3k views
Is md5(md5(password).salt) secure? [duplicate]
I know md5 is considered non-secure but what if someone used md5(md5(password).salt) instead? Isn't this technically better / more secure?
-3 votes
1 answer
671 views
Does combining two encrypted strings secures password? [duplicate]
For example, a person having password 123456. Its MD5 is e10adc3949ba59abbe56e057f20f883e and SHA1 is 7c4a8d09ca3762af61e59520943dc26494f8941b and after joining both hashes. Which comes to be ...
1 vote
2 answers
2k views
Would it be a good approach to hash twice? [duplicate]
Let's say I have a system in which I save the user's passwords using SHA-2. Now I was just wondering would it be a good approach if I take the MD5 hash of the password and then compute SHA-2 for the ...
1 vote
2 answers
441 views
All hash algos shatter... so why not switch from golden bullet to scatter shot? [duplicate]
As of this morning any SHA-1 hash can officially be collided for as little as $110k in GPU power on Amazon. http://shattered.it/ https://arstechnica.com/security/2017/02/at-deaths-door-for-years-...
544 votes
11 answers
96k views
Is my developer's home-brew password security right or wrong, and why?
A developer, let's call him 'Dave', insists on using home-brew scripts for password security. See Dave's proposal below. His team spent months adopting an industry standard protocol using Bcrypt. ...
294 votes
11 answers
97k views
Why shouldn't we roll our own?
Why shouldn't we create our own security schemes? I see a lot of questions around here about custom crypto and custom security mechanisms, especially around password hashing. With that in mind, I'm ...
24 votes
6 answers
5k views
Does Rehashing a weak hash with a strong algorithm make it strong?
Imagine the following situation. We're making a web application which should be really safe. Now the accounts/users are not directly added by us but they receive a letter with a logincode. We get a ...
44 votes
1 answer
19k views
How to apply a pepper correctly to bcrypt?
Update: There is a better way to add a server side key, than using it as a pepper. With a pepper an attacker must gain additional privileges on the server to get the key. The same advantage we get by ...
14 votes
3 answers
4k views
Why is hashing a password with multiple hash functions useless?
I read online that it's useless and basically impractical to hash a password with multiple hashing algorithms (and not just one) before storing them in a database. I don't really understand why that ...
4 votes
2 answers
1k views
Why not slightly modify an existing hashfunction to create your own? [duplicate]
I read this interesting question on why improvising your own Hash function out of existing hash functions is bad. However this is specifically focusing on 'mixing' existing hashfunctions. What if for ...
2 votes
3 answers
692 views
Can I initially hash passwords with SHA instead of hashing them with bcrypt to decouple requests from slow crypto functions?
I'm using bcrypt for some web service requests that hash multiple passwords. The problem is that these web service requests can take minutes to complete due to bcrypt. Not very user friendly. My ...
1 vote
3 answers
463 views
Disguising the type of hash used
I've read about why MD5, SHA1, and many other hashing functions are insecure, by a lot, but I'm thinking of doing a different approach. It won't increase security, I'm aware of that, but I believe it ...
2 votes
2 answers
483 views
Keyed-hashing a password with a hash of the password + salt as the key, is it safe?
I was looking at our authentication system which hashes passwords differently than I was taught. The salt is a constant byte array and it uses the password + the salt as a key for the password hashing ...
6 votes
2 answers
395 views
Why aren't we using multiple algorithms to protect against attacks like SHAttered?
Simple question: Both MD5 and SHA1 are susceptible to a collision attack. It's reasonable to assume that SHA256, the next algorithm we're switching to, also has such an issue, but one that's hidden ...