recentpopularlog in

kme : hashing   19

SHA-1 collision attacks are now actually practical and a looming danger | ZDNet
should switch to (in order of preference):

* BLAKE2b / BLAKE2s
* SHA-512/256
* SHA3-256
* SHA-384
* Any other SHA2-family hash function as a last resort

"...unless they're storing passwords! In which case, they should switch to (in order of preference):

* Argon2id with memory >= 32MiB, >= 2 rounds, and >= 2 parallelism
* scrypt / yescrypt with memory >= 32 MiB, >= 4 rounds, and >= 1 parellelism
* bcrypt (for PHP devs, password_hash() and password_verify() does the trick)
* PBKDF2-SHA512 with 85,000 iterations as a last resort

"But SHA1 should no longer be used anymore. No excuses," Arciszewski
sha1  cracking  crypto  hashing  algorithms  advice 
may 2019 by kme
hashing - Is there a built-in checksum utility on Windows 7? - Super User
CertUtil is a pre-installed Windows utility that can be used to generate hash checksums:

<code>certUtil -hashfile pathToFileToCheck [HashAlgorithm]
HashAlgorithm choices: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512</code>

So for example, the following generates an MD5 checksum for the file C:\TEMP\MyDataFile.img:

<code>CertUtil -hashfile C:\TEMP\MyDataFile.img MD5</code>

To get output similar to *Nix systems you can add some PowerShell magic:

<code style="language-powershell">$(CertUtil -hashfile C:\TEMP\MyDataFile.img MD5)[1] -replace " ",""</code>
windows  hashing  checksum  hash  md5  sha1  commandline  utility  software  solution 
april 2018 by kme
How do I create a SHA1 hash in ruby? - Stack Overflow
require 'digest/sha1'
Digest::SHA1.hexdigest 'foo'
ldap  ruby  sha  hashing  library  solution 
may 2016 by kme
Hashing and verifying LDAP passwords in PHP | Michael Kuron's Blog
See also http://technology.mattrude.com/2010/11/ldap-php-change-password-webpage/#comment-194 for a somewhat better solution using OpenSSL's PRNG.

<code class="language-php">
function hash_password($password) // SSHA with random 4-character salt
{
$salt = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',4)),0,4);
return '{SSHA}' . base64_encode(sha1( $password.$salt, TRUE ). $salt);
}
</code>
ldap  php  hashing  snippet  webdevel  solution 
february 2016 by kme

Copy this bookmark:





to read