Show HN: Procedural Music Workstation in the Browsermanager.kiekko.pro9 points·by timo_h·4 เดือนที่ผ่านมา·0 comments
timo_h·3 ปีที่แล้ว·discussThe same principle applies to SHA-512 just the same (much cheaper to attack non-stretched SHA-512 hash than attacking directly the bcrypt hash).There are both MD5 hashes and SHA-512 hashes lying around, which makes "hash shucking" possible for both of them.
timo_h·3 ปีที่แล้ว·discuss> When using bcrypt, make sure to use the following algorithm to prevent the leading NULL byte problem. and the 72-character password limit:> bcrypt(base64(sha-512(password)))Pre-hashing the password, in this context, without a salt, is susceptible to hash shucking: https://security.stackexchange.com/questions/234794/is-bcryp...Instead, use: bcrypt(base64(sha-512(password + global_salt)))
timo_h·5 ปีที่แล้ว·discussFirefox is great on desktop, been my primary browser for 15+ years.Sadly though, the mobile version (still) lacks support for "pull to refresh" gesture. Other than that, mobile FF is great (privacy features, browser addons...).
There are both MD5 hashes and SHA-512 hashes lying around, which makes "hash shucking" possible for both of them.