HackerTrans
TopNewTrendsCommentsPastAskShowJobs

timo_h

no profile record

Submissions

[untitled]

1 points·by timo_h·4 tháng trước·0 comments

Show HN: Procedural Music Workstation in the Browser

manager.kiekko.pro
9 points·by timo_h·4 tháng trước·0 comments

comments

timo_h
·3 năm trước·discuss
The same principle applies to SHA-512 just the same (much cheaper to attack non-stretched SHA-512 hash than attacking directly the bcrypt hash).

There are both MD5 hashes and SHA-512 hashes lying around, which makes "hash shucking" possible for both of them.
timo_h
·3 năm trước·discuss
> When using bcrypt, make sure to use the following algorithm to prevent the leading NULL byte problem. and the 72-character password limit:

> bcrypt(base64(sha-512(password)))

Pre-hashing the password, in this context, without a salt, is susceptible to hash shucking: https://security.stackexchange.com/questions/234794/is-bcryp...

Instead, use:

  bcrypt(base64(sha-512(password + global_salt)))
timo_h
·5 năm trước·discuss
Firefox is great on desktop, been my primary browser for 15+ years.

Sadly though, the mobile version (still) lacks support for "pull to refresh" gesture. Other than that, mobile FF is great (privacy features, browser addons...).