HackerTrans
トップ新着トレンドコメント過去質問紹介求人

timo_h

no profile record

投稿

[untitled]

1 ポイント·投稿者 timo_h·4 か月前·0 コメント

Show HN: Procedural Music Workstation in the Browser

manager.kiekko.pro
9 ポイント·投稿者 timo_h·4 か月前·0 コメント

コメント

timo_h
·3 年前·議論
The same principle applies to SHA-512 just the same (much cheaper to attack non-stretched SHA-512 hash than attacking directly the bcrypt hash).

There are both MD5 hashes and SHA-512 hashes lying around, which makes "hash shucking" possible for both of them.
timo_h
·3 年前·議論
> When using bcrypt, make sure to use the following algorithm to prevent the leading NULL byte problem. and the 72-character password limit:

> bcrypt(base64(sha-512(password)))

Pre-hashing the password, in this context, without a salt, is susceptible to hash shucking: https://security.stackexchange.com/questions/234794/is-bcryp...

Instead, use:

  bcrypt(base64(sha-512(password + global_salt)))
timo_h
·5 年前·議論
Firefox is great on desktop, been my primary browser for 15+ years.

Sadly though, the mobile version (still) lacks support for "pull to refresh" gesture. Other than that, mobile FF is great (privacy features, browser addons...).