0 votes | 1 answer | 51 views

Luhn algorithm applied to file access

I am in the following setup: given department ids, employee ids and file ids I want to check whether employee xy of department AB is allowed to access file f. E.g. department id = "012", employee id ...

0 votes | 2 answers | 91 views

Algorithm to generate NTLMv2 Hash in PHP

I am trying to develop a PHP function to calculate NTLMv2 hash by providing server & client challenge, domain, account and password. The resulting hash appears to be not correct. Can someone ...

0 votes | 0 answers | 33 views

What is the security loss from reducing Rijndael to 128 bits block size from 256 bits? [migrated]

As you know in the past few weeks it has emerged that NIST/NSA have been involved in weakening encryption standards over a long period of time so that they can retain the ability to break encryption ...

4 votes | 1 answer | 97 views

What are covert channel algorithms?

Covert channels are normally used for communicating illegally or for some hidden communications, but I am trying to figure out what covert channel algorithms might be. Has anyone heard of this term ...

3 votes | 1 answer | 58 views

Multiple encrypted messages known to have matching (unknown) content

A recent discussion regarding ways to keep data secure through multiple iterations of a program's execution (with repeated read/write operations) raised a question regarding known-plaintext attacks ...

-7 votes | 1 answer | 465 views

Asymmetric encryption algorithms [closed]

What are the best asymmetric encryption algorithms out there? I am trying to use RSA in my project; however, I have read that it is not quite as secure as other asymmetric encryption algorithms.

5 votes | 2 answers | 438 views

Does chaos theory have any practical application in computer security?

Having learned about chaos theory at university some years ago, I've been curious ever since to know whether it has found any practical use in computing. Let me explain where I imagine it could be ...

0 votes | 1 answer | 209 views

Determine hashing algorithm only with known input and output

Given the input: test A system generates the following output hash: 0x001F41B6A0534D3B851D69EFE6237F550100000010D5F4FC65E64BCFDBF2590212E4411C44942C6C734C00ACFE13B958DCAB3614 I do not know ...

3 votes | 2 answers | 1k views

Salted hashes vs HMAC?

Most discussions involving access credentials include references to "hashing salted passwords". Is this another way of referring to the HMAC algorithm or a totally different operation? Different or ...

2 votes | 3 answers | 203 views

Is it a good idea to have a “master” password?

Though I do have a good memory of passwords, it is quite impossible to have one password per application. Yet, it should be... My current way to deal with passwords is to have five passwords and to ...

3 votes | 3 answers | 181 views

Methods for remembering passwords around the web

What's the least painful way to manage passwords for user accounts that you have on various sites? I see only 3 options: Password manager. Passwords can be different and strong, but the downside is ...

216 votes | 10 answers | 23k views

Is my developer's home-brew password security right or wrong, and why?

Our developer, let's call him 'Dave', insists on using a home-brew script for hashing passwords. See Dave's proposal below. We have already researched and adopted an industry standard protocol using ...

3 votes | 5 answers | 575 views

Is there an asymmetric encryption algorithm that maintains the length of the plaintext?

I want to protect some registers by encrypting them without providing additional memory space. Is there an encryption algorithm that will maintain the length of the data to be encrypted? (i.e. ...

7 votes | 5 answers | 409 views

How to prevent pay per show/click abuse?

We have a webapp. 3rd party websites put our banners on their pages (banner is a snippet of HTML). They are paid for it using "Pay per click" or "Pay per show" methods. So 3rd party website's owners ...

4 votes | 1 answer | 209 views

How will security need to be changed if we can crack password hashes in quasi-polynomial time?

If we suppose that we have access to some form of generalized password hacking/cracking that can somehow find an $n$-bit password in time $O(n^{\log n})$, is there need for alarm? This question ...

7 votes | 1 answer | 552 views

Identifying an unknown hash

During some of my research work I encountered an unknown hashed string. What I am curious about is the algorithm used to generate it. A factor that makes it interesting - the string contains an ...

3 votes | 2 answers | 335 views

How realistic and possible is this sort of attack

I scanned a host with Nessus in order to do a vulnerability assessment, and one of the findings looked really odd to me. Nessus rated this finding's risk as Medium. The finding was that a service ...

7 votes | 4 answers | 345 views

How can we factor Moore's law into password cracking estimates?

How would we go about factoring Moore's law into exceedingly long password cracking estimates? Let's say we've got a 12 character password containing mixed-case alpha characters and numbers, i.e. ...