Best practice for password hashing
Hi, I am creating an intranet web application that will authenticate with user name and password. Obviously, I want to store the passwords hashed. This is only a defence-in-depth mechanism - I'm planning on the hashes remaining secret, unless there is a database compromise. The threat profile is somewhat differe... 15 Jun 2010 16:32
custom Run-time packer
Does someone know a good encryption scheme to encrypt and compress a PE executable? (i.e. to make a custom run-time packer) For encryption I would choose AES-256 with a random key, but how to implement the encryption/compression scheme: we need to strip out the old PE header and put in a new stock header that performed the decry... 13 Jun 2010 02:55
Why hash function (e.g. MD5) cannot be a MAC
http://en.wikipedia.org/wiki/Message_authentication_code It seems most Linux ISO download sites give an MD5 checksum of the ISO file as a way to validate the integrity of the file. Why can't people call a hash function (e.g. MD5, no key, no salt) a MAC? ... 9 Jun 2010 08:37
Steganography: 100's or 1000's of Apps. Available
I did a brief search and found that there are many, many steganography apps available on the net. I came across this modest article addressing the threat steganography might pose: http://www.infosectoday.com/Articles/digitalstego.htm I have concluded that there can be no better steganography program than the ... 7 Jun 2010 11:54
The Winds of Change - Update.
There are three distinct ciphers to hand in my invention of vector cryptography that are totally secure i.e. theoretically unbreakable according to the definition of what is unbreakable crypto strength in the Handbook of Applied Cryptography. The focus here initially is on the intellectual integrity at the m... 8 Jun 2010 11:27
When chaining algorithms, one should pick ones with compatible and complementing characteristics to produce the maximum benefit from the combination. Including what you are is a clue with a clear statement is something you don't want to give with an actual message, or even betraying all possible pairings of proc... 6 Jun 2010 00:32
Question About Cryptographically Hashing a Hash (SHA-512), Then Hashing That Hash, Etc.
Let's say I calculate an SHA-512 cryptographic hash. Then (either as a hexadecimal string or as the binary representation) I feed that hash through the SHA-512 algorithm to get a new hash. Then I hash that hash. Then I hash that hash. Etc. Are there any results in any of these directions: a) Whether ... 13 Jun 2010 01:51
Question about pass phrase cracking through brute force
I have encrypted my data with this passphrase (example passphrase): ()Hnnn&&/7+BarakObama If I understand it correctly a brute force attack will keep trying dictionary words until it finds a match. My concern is this, will an attacker find out every single digit of my passphrase while cracking it or do... 10 Jun 2010 23:27
Criticism of a proposed floating point (cs)prng requested.
The algorithm is: x_n+1 = FRAC( x_n ( x_n + b_n ) +c ) b=1,2,3 2048 c=(0;1) I ask for criticism on the safety, randomness quality, speed performance, non-linearity, cryptanalysis, Discrete Logarithm Problem (DLP), etc. For more go to: http://www.number.com.pt/index.html Thanks ... 13 Jun 2010 16:03
Criticism of a proposed stream cipher requested.
Those who have been in this group for a long time may recognize my name. I'm still around. In another group, an acquaintance recently described his homegrown stream cipher (yes, I know, I know....). I'd like to provide some informed criticism to him. He's a pretty decent mathematician, but knows very little abou... 8 Jun 2010 02:34