All Questions
18 questions
15 votes
3 answers
5k views
Hashing password to increase entropy
Is it secure to hash a password before using it in an application to increase password entropy? Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF ...
10 votes
2 answers
2k views
Is there a loss of entropy by hashing an N-bit random key to produce an N-bit hash?
I read the following piece of code: dd if=/dev/urandom bs=16 count=1 2>/dev/null | md5sum Apparently, this code was used as a trick to produce a hex string key from a 128-bit binary pseudo-random ...
0 votes
1 answer
845 views
Calculating Entropy using md5sum, sha256sum etc
We can calculate the Entropy S of a string simply like this: S = L * log_2(N) Where L stands for used characters in the string And N for every possible character Example: We want to calculate the ...
0 votes
1 answer
811 views
BCrypt hash as database table ID
In my web application I have to store hashed values (using BCrypt) as ID for a database table. The input for each hash value is a unique string. I am concerned about possible collisions. 1) What is a ...
1 vote
0 answers
477 views
Digest algorithm for the PRNG in OpenVPN
Considering the following OpenVPN (2.4) option from the manual: --prng alg [nsl] (Advanced) For PRNG (Pseudo-random number generator), use digest algorithm alg (default=sha1), and set nsl (default=16)...
4 votes
4 answers
15k views
Convert SHA-256 to SHA-1 and MD5 - Increase bit length/entropy? [duplicate]
I know this is a real dumb question and I am certainly talking complete rubbish, but let me explain: We have a long SHA-256 hash, e.g.: ...
2 votes
2 answers
1k views
Would a Password Using All Possible Unicode Code Points Cause Problems in Traditional Hashing Algorithms, such as Bcrypt?
I've been toying around with this idea, but hypothetically, if you had a password manager that would use any possible renderable (e.g. not control characters such as BEL, NUL, DEL, etc., or surrogate ...
3 votes
1 answer
2k views
Can I generate a random 32 bit key by using the Java hashCode and random English words?
I want to generate and communicate a 32 bit key to Bob over a phone conversation. I know he happens to have the same Java and OS installed as I have. Suppose I have a dictionary of 100,000 (English) ...
8 votes
2 answers
539 views
Is there a threshold of bits of entropy below which hashing becomes meaningless?
I just read a help page by a mail provider in which they state that all mobile phone numbers will be stored as a salted hash. This strikes me as interesting, since phone numbers don't contain a lot ...
5 votes
1 answer
343 views
Random padding in hash functions
In this answer, it was recommended that you add random padding when hashing messages for a trusted timestamp, such as for predictions, in order to avoid dictionary and brute force attacks (at least ...
0 votes
1 answer
934 views
What multiplier to use when calculating the average time to crack passwords with a given entropy?
Suppose that we have a process that generates passwords with entropy E. I'd like to compute the average time it would take for a brute-force attack to crack an MD5-hashed instance of such a password. ...
15 votes
4 answers
5k views
Is there a length beyond which increasing password length provides no additional security?
Assuming that the password is stored hashed and salted, and that it is a string of random characters, is there a point where adding to password length doesn't add security? Since the hash will have a ...
2 votes
2 answers
2k views
Password entropy match for alphanumeric but there are special characters in password
I have a problem cracking some of the fundamentals on passwords' entropies. Namely: I have read this article about a guy cracking DKIM of Google (maybe more noticing that the keys are only 512 bits) ...
12 votes
3 answers
5k views
Does the salt need to be unique or not predictable?
I always thought that salts are simply used to prevent rainbow tables from being used. Others have suggested they should be unique on a per-account basis. Currently I have been using a config file to use as ...
3 votes
3 answers
6k views
Recompute Rainbow table with salt?
So, as I understand it, you prepend a password with salt before you hash it so that the resulting hash can't be used with a rainbow table to find the original password, as you could if the password ...