#md5

Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@sophieschmieg" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>sophieschmieg</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@neilmadden" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>neilmadden</span></a></span> </p><p>IMO we need to stop coming up with algorithms to securely store "derivatives" of typically weak passwords, as</p><p> IT WILL FAIL.</p><p>From <a href="https://www.akkadia.org/drepper/SHA-crypt.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">akkadia.org/drepper/SHA-crypt.</span><span class="invisible">txt</span></a>:<br>❝<br>In addition, the produced output for [...] MD5 has a short length which makes it possible to construct rainbow tables.<br>❞</p><p>Please correct me if I'm wrong, but even in 2025 suggesting that a rainbow table is feasible for (let's cut a few bits for MD5 weaknesses) random numbers of 120 bits in length is BS (in order to create FUD).</p><p>If I'm right about that, the least bad thing to do is:</p><p>1) Everyone should use a password manager (pwmgr) because people simply do not have the ability to come up with a sufficiently strong password that is *unique for each account*, let alone for multiple accounts (sometimes hundreds), to remember them absolutely error-free, and to recall which password was chosen for which account.</p><p>Note: IMO password *reuse* currently is the biggest threat. Entering a reused password on a fake (phishing) website may have devastating consequences, because (when a password is reused for multiple accounts) chances are that ALL those accounts are compromised. Note that the complexity and uniqueness of the password are IRRELEVANT. 
And, what KDF is used on the server, is IRRELEVANT as well.</p><p>2) Let the pwmgr generate a (cryptographically) random password, as long and with as much entropy as allowed by the server.</p><p>3) Use a strong master password and NEVER forget it (typical beginner failure).</p><p>4) Make sure the database is backed up in more than one place, and make a backup after each modification.</p><p>5) Make sure that the device the password manager is used on, *never* gets compromised.</p><p>6) Double check that https:// is used. Better, make sure to use a browser that blocks http:// connections and warns you (Safari on iOS/iPadOS now supports "Not Secure Connection Warning"). In all browsers such a setting is OFF by default: ENABLE IT!</p><p>7) On a mobile device: use "Autofill". The OS then transfers the domain name (shown in the browser's address bar) to the pwmgr. If a matching domain name is *not found* in the pw database, assume that you're on a (fake) phishing website! In that case: DO NOT ATTEMPT TO LOG IN by looking up credentials yourself. Reasons for 7, two examples:<br>----<br> fake: circle-ci·com<br> real: circleci.com<br>----<br> fake: lîdl.be<br> real: lidl.be<br>----</p><p>If people would follow this advice (which is not just mine), even MD5 for storing a one-way derivative of the password on the server would be fine.</p><p>HOWEVER: don't use MD5 - because "never use MD5 for whatever" is easier to remember than "don't use MD5 if preimage attacks are possible".</p><p>P.S. 
I'm not a cryptographer (although I'm quite interested in the matter).</p><p><a href="https://infosec.exchange/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> <a href="https://infosec.exchange/tags/PasskeysStillSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasskeysStillSuck</span></a> <a href="https://infosec.exchange/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordManager</span></a> <a href="https://infosec.exchange/tags/Autofill" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Autofill</span></a> <a href="https://infosec.exchange/tags/DomainName" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DomainName</span></a> <a href="https://infosec.exchange/tags/httpVShttps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpVShttps</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/KDF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KDF</span></a> <a href="https://infosec.exchange/tags/Argon2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Argon2</span></a> <a href="https://infosec.exchange/tags/scrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scrypt</span></a> <a href="https://infosec.exchange/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a> <a href="https://infosec.exchange/tags/KeyDerivationFunction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KeyDerivationFunction</span></a> <a href="https://infosec.exchange/tags/OneWayDerivative" 
class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OneWayDerivative</span></a> <a href="https://infosec.exchange/tags/HashFunction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HashFunction</span></a> <a href="https://infosec.exchange/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cryptography</span></a> <a href="https://infosec.exchange/tags/CryptographicHashFunction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptographicHashFunction</span></a></p>
Erik C. Thauvin<p>Hashing Passwords: Why MD5 and SHA Are Outdated, and Why You Should Use Scrypt or Bcrypt</p><p><a href="https://mastodon.social/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a> <a href="https://mastodon.social/tags/md5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>md5</span></a> <a href="https://mastodon.social/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://mastodon.social/tags/scrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scrypt</span></a> <a href="https://mastodon.social/tags/sha" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sha</span></a></p><p><a href="https://dev.to/lovestaco/hashing-passwords-why-md5-and-sha-are-outdated-and-why-you-should-use-scrypt-or-bcrypt-48p2" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dev.to/lovestaco/hashing-passw</span><span class="invisible">ords-why-md5-and-sha-are-outdated-and-why-you-should-use-scrypt-or-bcrypt-48p2</span></a></p>
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕<p>«Secure Coding – Password hashing to protect against brute force and rainbow tables:<br>Why secure passwords matter and which hashing algorithms reliably protect Java applications and user accounts from hackers.»</p><p>Apparently this is still an issue, since many still use e.g. MD5 and only plain hashing of passwords is applied. That is not what confidential and secure looks like, and Argon2 is the current state of the art.</p><p>🔑 <a href="https://www.heise.de/hintergrund/Secure-Coding-Passwort-Hashing-zum-Schutz-vor-Brute-Force-und-Rainbow-Tabellen-10265244.html?seite=all" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/hintergrund/Secure-Co</span><span class="invisible">ding-Passwort-Hashing-zum-Schutz-vor-Brute-Force-und-Rainbow-Tabellen-10265244.html?seite=all</span></a></p><p><a href="https://chaos.social/tags/passwort" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwort</span></a> <a href="https://chaos.social/tags/itsicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsicherheit</span></a> <a href="https://chaos.social/tags/login" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>login</span></a> <a href="https://chaos.social/tags/online" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>online</span></a> <a href="https://chaos.social/tags/argon2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>argon2</span></a> <a href="https://chaos.social/tags/md5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>md5</span></a></p>
DamonHD<p><span class="h-card" translate="no"><a href="https://come-from.mad-scientist.club/@algernon" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>algernon</span></a></span> <span class="h-card" translate="no"><a href="https://mstdn.io/@wolf480pl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>wolf480pl</span></a></span> I haven't looked at your implementation yet, but I'm tempted to build into my static sites a version of what I think you may be doing with an <a href="https://mastodon.social/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a>-URL-hash-driven maze in a few lines of <a href="https://mastodon.social/tags/Apache" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apache</span></a> config, which any dodgy request such as for a PHP file flings the visitor into. Won't care about the UA or anything else much, though could return 503s/429s randomly for fun.</p>
Adam Jacobs 🇺🇦<p>OK, I am aware that creating hashes with MD5 is not considered secure in the presence of Bad Guys, but if you're using it in a safe environment just to see if files have changed since you last looked, is it perfectly good enough? Or should I still be using SHA2?</p><p><a href="https://mas.to/tags/HashAlgorithms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HashAlgorithms</span></a> <a href="https://mas.to/tags/Techie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Techie</span></a> <a href="https://mas.to/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cryptography</span></a> <a href="https://mas.to/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> <a href="https://mas.to/tags/SHA2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SHA2</span></a> <a href="https://mas.to/tags/SHA256" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SHA256</span></a></p>
Erik C. Thauvin<p>PostgreSQL Finally Deprecates MD5 Passwords</p><p><a href="https://mastodon.social/tags/md5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>md5</span></a> <a href="https://mastodon.social/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.social/tags/postgresql" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>postgresql</span></a></p><p><a href="https://www.phoronix.com/news/PostgreSQL-Deprecates-MD5-Pass?utm_medium=erik.in&amp;utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">phoronix.com/news/PostgreSQL-D</span><span class="invisible">eprecates-MD5-Pass?utm_medium=erik.in&amp;utm_source=mastodon</span></a></p>
Habr<p>Chinese cryptography. An analysis of WeChat's proprietary MMTLS protocol</p><p>Image from the MMTLS protocol documentation. Citizen Lab, an academic research group at the University of Toronto, has carried out the first public security and privacy analysis of the MMTLS encryption protocol. It is the main protocol of the WeChat app, which is used by more than 1.2 billion people (34% of mobile traffic in China in 2018). As it turned out, MMTLS is a modified version of TLS 1.3, and many of the changes made by the developers introduced weaknesses. Moreover, in addition to MMTLS, an even less secure and likewise proprietary protocol is used, which contains numerous vulnerabilities, including deterministic initialization vectors in AES-GCM and a lack of forward secrecy. Below it is referred to as Business-layer encryption.</p><p><a href="https://habr.com/ru/companies/globalsign/articles/862300/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/globalsi</span><span class="invisible">gn/articles/862300/</span></a></p><p><a href="https://zhub.link/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLS</span></a> <a href="https://zhub.link/tags/MMTLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MMTLS</span></a> <a href="https://zhub.link/tags/WeChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeChat</span></a> <a href="https://zhub.link/tags/DH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DH</span></a> <a href="https://zhub.link/tags/AESGCM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AESGCM</span></a> <a href="https://zhub.link/tags/AESCBC" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>AESCBC</span></a> <a href="https://zhub.link/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> <a href="https://zhub.link/tags/HKDF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HKDF</span></a> <a href="https://zhub.link/tags/%D1%88%D0%B8%D1%84%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>шифрование</span></a> <a href="https://zhub.link/tags/%D0%B2%D0%B5%D0%BA%D1%82%D0%BE%D1%80%D1%8B_%D0%B8%D0%BD%D0%B8%D1%86%D0%B8%D0%B0%D0%BB%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D0%B8" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>векторы_инициализации</span></a></p>
David Bombal<p>Cryptography tutorial from the amazing Stephen Sims!</p><p>YouTube video: <a href="https://youtu.be/DjhJV_-mM5o" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/DjhJV_-mM5o</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/vpn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vpn</span></a> <a href="https://infosec.exchange/tags/hash" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hash</span></a> <a href="https://infosec.exchange/tags/hashing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hashing</span></a> <a href="https://infosec.exchange/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://infosec.exchange/tags/cyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyber</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/infomationsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infomationsecurity</span></a> <a href="https://infosec.exchange/tags/aes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>aes</span></a> <a href="https://infosec.exchange/tags/des" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>des</span></a> <a href="https://infosec.exchange/tags/sha" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sha</span></a> <a href="https://infosec.exchange/tags/md5" 
class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>md5</span></a> <a href="https://infosec.exchange/tags/ssl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ssl</span></a> <a href="https://infosec.exchange/tags/ssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ssh</span></a></p>
Cyclone<p>Need to convert a <a href="https://infosec.exchange/tags/wordlist" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wordlist</span></a> to <a href="https://infosec.exchange/tags/hash" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hash</span></a>? Meet <a href="https://infosec.exchange/tags/hashgen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hashgen</span></a>, the blazingly fast hash generator. Currently supports 18+ modes such as <a href="https://infosec.exchange/tags/md5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>md5</span></a>, <a href="https://infosec.exchange/tags/sha" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sha</span></a>, <a href="https://infosec.exchange/tags/ntlm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ntlm</span></a>, <a href="https://infosec.exchange/tags/crc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>crc</span></a>, <a href="https://infosec.exchange/tags/base64" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>base64</span></a> encode/decode, and converting $HEX[] to <a href="https://infosec.exchange/tags/plaintext" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>plaintext</span></a>.<br>Cross-compilable for Linux, Windows and Mac.<br><a href="https://forum.hashpwn.net/post/89" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">forum.hashpwn.net/post/89</span><span class="invisible"></span></a><br><a href="https://infosec.exchange/tags/hashpwn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hashpwn</span></a> <a href="https://infosec.exchange/tags/hashcracking" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>hashcracking</span></a> <a href="https://infosec.exchange/tags/hashcat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hashcat</span></a> <a href="https://infosec.exchange/tags/hex" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hex</span></a></p>
SpaceLifeForm<p>Do you run a Radius server?</p><p>Are you still using software that can be hash attacked?</p><p>Do you even know?</p><p><a href="https://www.blastradius.fail/attack-details" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">blastradius.fail/attack-detail</span><span class="invisible">s</span></a></p><p><a href="https://infosec.exchange/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a></p>
Alex Ivanovs<p>RADIUS protocol vulnerable to new Blast-RADIUS attack</p><p><a href="https://stackdiary.com/radius-protocol-vulnerable-to-new-blast-radius-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">stackdiary.com/radius-protocol</span><span class="invisible">-vulnerable-to-new-blast-radius-attack/</span></a></p><p><a href="https://mastodon.social/tags/BlastRADIUS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlastRADIUS</span></a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetworkSecurity</span></a> <a href="https://mastodon.social/tags/RADIUS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RADIUS</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> <a href="https://mastodon.social/tags/UDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UDP</span></a> <a href="https://mastodon.social/tags/Hack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hack</span></a> <a href="https://mastodon.social/tags/ManInTheMiddle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ManInTheMiddle</span></a> <a href="https://mastodon.social/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> <a href="https://mastodon.social/tags/Authentication" 
class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://mastodon.social/tags/Authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authorization</span></a> <a href="https://mastodon.social/tags/SecurityThreat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityThreat</span></a> <a href="https://mastodon.social/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DataBreach</span></a> <a href="https://mastodon.social/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberAttack</span></a> <a href="https://mastodon.social/tags/NetworkProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetworkProtection</span></a> <a href="https://mastodon.social/tags/SecureNetworks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureNetworks</span></a> <a href="https://mastodon.social/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLS</span></a> <a href="https://mastodon.social/tags/SecurityPatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityPatch</span></a> <a href="https://mastodon.social/tags/NetworkAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetworkAdmin</span></a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechNews</span></a> <a href="https://mastodon.social/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSecurity</span></a> <a href="https://mastodon.social/tags/DigitalDefense" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalDefense</span></a> <a 
href="https://mastodon.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://mastodon.social/tags/SecureProtocol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureProtocol</span></a> <a href="https://mastodon.social/tags/CryptoStandards" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoStandards</span></a> <a href="https://mastodon.social/tags/SecurityUpdate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityUpdate</span></a> <a href="https://mastodon.social/tags/TechSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechSecurity</span></a> <a href="https://mastodon.social/tags/NetworkSafety" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetworkSafety</span></a> <a href="https://mastodon.social/tags/CyberDefense" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberDefense</span></a> <a href="https://mastodon.social/tags/DataSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DataSecurity</span></a></p>
Ric<p>Is it possible to determine the original contents of a file from its MD5 hash?</p><p>I'm fully aware that MD5 is weak as an encryption hash and that there are reverse lookup dictionaries people have created by hashing tonnes of words and sentences and whatnot, but I'm not looking for just any working conversion, I'm trying to determine whether publicly providing the MD5 hash of a sensitive text file would potentially expose its contents?</p><p><a href="https://fosstodon.org/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> <a href="https://fosstodon.org/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> <a href="https://fosstodon.org/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://fosstodon.org/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecOps</span></a></p>
Jeroen Ruigrok van der Werven<p>Are your passwords in the green?</p><p><a href="https://www.hivesystems.com/blog/are-your-passwords-in-the-green" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">hivesystems.com/blog/are-your-</span><span class="invisible">passwords-in-the-green</span></a></p><p>Really stop using MD5 already for passwords.</p><p><a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a> <a href="https://mastodon.social/tags/Hashing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hashing</span></a> <a href="https://mastodon.social/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> <a href="https://mastodon.social/tags/Bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bcrypt</span></a></p>
Avoid the Hack! :donor:<p>New Password Cracking Analysis Targets <a href="https://infosec.exchange/tags/Bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bcrypt</span></a></p><p>Bcrypt is the "go to" algorithm for hashing for a lot of things because it's what I like to call "secure enough." </p><p>But considering this study found that 1) any password under 7 characters could be cracked in hours and 2) "weak" 11-character <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> take ~10 hours to crack. </p><p>Will it be the new <a href="https://infosec.exchange/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> in a few years? </p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a></p><p><a href="https://www.securityweek.com/new-password-cracking-analysis-targets-bcrypt/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/new-password-</span><span class="invisible">cracking-analysis-targets-bcrypt/</span></a></p>
Isaac Wyatt<p>Early in my career as a marketing analyst I wrote a C# script, and then a desktop app, to compare and clean email lists from vendors using MD5 hashes - and I gave it away for free despite there being a small business opportunity. </p><p><a href="https://www.isaacwyatt.com/posts/2024-03-30/?utm_source=hachyderm.io&amp;utm_medium=referral&amp;utm_campaign=user_post&amp;utm_content=%40iw" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">isaacwyatt.com/posts/2024-03-3</span><span class="invisible">0/?utm_source=hachyderm.io&amp;utm_medium=referral&amp;utm_campaign=user_post&amp;utm_content=%40iw</span></a></p><p><a href="https://hachyderm.io/tags/CSharp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CSharp</span></a> <a href="https://hachyderm.io/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> <a href="https://hachyderm.io/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a></p>
RevK :verified_r:<p>Grr, someone posted a cool plain text single character difference <a href="https://toot.me.uk/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> collision the other day, and buggered if I can find it now.</p><p>UPDATE: Found, thanks <span class="h-card" translate="no"><a href="https://hachyderm.io/@rogerlipscombe" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rogerlipscombe</span></a></span></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@ryanc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ryanc</span></a></span>: I've read about hash extension attacks (which is why one should use a HMAC in many cases, just to be sure in all cases where you want to combine a hash and a secret, or two hashes).</p><p>However, if I understand correctly, each bit in a not-broken cryptographically secure hash should, in practice, be indistinguishable from being perfectly random (50% chance of being 0).</p><p>If that is the case, why would truncating any crypto-secure-hash value lead to problems, and under which conditions?</p><p>I'm truly interested and would very much appreciate pointers to articles explaining when and why that would be the case.</p><p><span class="h-card" translate="no"><a href="https://mastodon.social/@Edent" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Edent</span></a></span> </p><p><a href="https://infosec.exchange/tags/hash" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hash</span></a> <a href="https://infosec.exchange/tags/hashtruncation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hashtruncation</span></a> <a href="https://infosec.exchange/tags/cryptographicallySecureHash" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptographicallySecureHash</span></a> <a href="https://infosec.exchange/tags/cryptographicallySecureHashes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptographicallySecureHashes</span></a> <a href="https://infosec.exchange/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> <a href="https://infosec.exchange/tags/hashExtensionAttacks" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>hashExtensionAttacks</span></a> <a href="https://infosec.exchange/tags/HMAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HMAC</span></a></p>
Bruno Rohée<p>The long tail of bad crypto again...<br><a href="https://pouet.chapril.org/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a></p><p>The Curious Case of MD5 | Kate Sills<br><a href="https://katelynsills.com/law/the-curious-case-of-md5/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">katelynsills.com/law/the-curio</span><span class="invisible">us-case-of-md5/</span></a></p>
Bruno Rohée<p>At this point, this is so out of date that this is disinformation. Shame on you <a href="https://pouet.chapril.org/tags/ApacheFoundation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ApacheFoundation</span></a>. <a href="https://pouet.chapril.org/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> </p><p><a href="https://infra.apache.org/release-signing.html#md5-security" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infra.apache.org/release-signi</span><span class="invisible">ng.html#md5-security</span></a></p>
Daniel Böhmer<p><span class="h-card" translate="no"><a href="https://manitu.social/@team" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>team</span></a></span> Wow, impressive response time! 👍 </p><p>Unfortunately, only the MD5 fingerprint is displayed at the moment. <a href="https://ieji.de/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> is no longer up to date, especially for a display that is only now being introduced. 😔 Could you adjust that once more?</p><p>I tried it out, and without additional command-line options you can neither compare visually against the MD5 fingerprint nor paste the fingerprint in so that <a href="https://ieji.de/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSH</span></a> compares it.</p><p>Below is a somewhat more detailed description of how I think the display would make sense:</p>