I am creating a custom CMS and have built a login system and was wandering how vulnerable hashing the passwords this way would be compared to just using the md5 php function like this: <?php $token = md5($salt . $password . $pepper); ?> Most people just add a salt but adding pepper just makes sense if your going to add salt :) Here i...
I need to store hashes of passwords on disk. I am not entirely sure which hash function to use (they all seem somewhat troubled at the moment), but I am leaning towards SHA-256. My plan is to take the user's password and combine it with their user ID, a random user-specific salt, and a universal site-wide salt. Should I concatenate thes...
Hi guys. Please help me the code (Java) to encrypt and decrypt ( will be better if using private key) with SHA256. ^^ Thank you so much! ...
Hi Does anyone know how Asp.net membership generates their salt key and then how they encode it(ie is it salt + password or password + salt)? I am using sha1 with my membership but I would like to recreate the same salts so the built in membership stuff could hash the stuff the same way as my stuff can. Thanks Edit 2 Never Mind I mi...
I'm developing a network API to interact with a legacy server, and I need a little help figuring out which hashing function they're using. The original developers are not particularly responsive to my queries, so I thought that SO might help me out. This is a low-security, internal corporate network, so the hash isn't complicated. So ...
According to the wikipedia entry on Rabin-Karp string matching algorithm, it can be used to look for several different patterns in a string at the same time while still maintaining linear complexity. It is clear that this is easily done when all the patterns are of the same length, but I still don't get how we can preserve O(n) complexit...
Is it possible using a certain hash function and method (the division method, or double hashing) to make a chained hash table that can be resized without having to reinsert (rehash) each element already in the table? ...
I have this table which doesn't have a primary key. I'm going to insert some records in a new table to analyze them and I'm thinking in creating a new primary key with the values from all the available columns. If this were a programming language like Java I would: int hash = column1 * 31 + column2 * 31 + column3*31 Or something l...
I've got an old application that has user passwords stored in the database with an MD5 hash. I'd like to replace this with something in the SHA-2 family. I've thought of two possible ways to accomplish this, but both seem rather clunky. 1) Add a boolean "flag" field. The first time the user authenticates after this, replace the MD5 pas...
I have some sequential id which can be easily guessed. If some want to see data related to this id he has to prove his access by token I gave him before. token = md5(secret_key + md5(id)) Is MD5 good enough for this job? ...
If M is prime, how to choose a and b to minimize collisions? Also in books it is written that to find the empty slot while quadratic probing in (f(k)+j^2) % M, the hash table has to be at least half empty? Can someone provide me a proof of that? ...
If I have both the initial key and the hash that was created, is there any way to determine the hash algorithm? For example: Key: higher Hash: df072c8afcf2385b8d34aab3362020d0 Algorithm = ? ...
This is a question about an authentication scheme. Say I have a shared secret string S, and two computers, C1 and C2 Computer one (C1) sends a random string (R) to computer two (C2) C2 hashes (say SHA256) the concatenation of S and R (SR) C2 sends the hash of SR to C1, along with some instructions C1 compares the received hash of SR w...
hey guys i want to generate unique base62 hashes - something similar to what tinyurl and bit.ly do using c#. this would be based on an auto increment field ID of type bigint (like most of these sites) min chars would be 1 and max chars would be 6... if you had to write the fastest code (least amount of cpu usage) in c# for this hash how...
I've read before here on SO that there are some hash algorithms (I think one of those is adler32) that support the following property: adler32('abc'); // 123 adler32('def'); // 456 adler32('abcdef'); // 579 (123 + 456) Please note that the results are only examples to demonstrate what I want to archieve. I've tried some examples with ...
I have a 2D MxN grid (or matrix). The cells in the matrix may hold an integer. A cell with a non-zero integer is said to be populated. The set of populated cells in the matrix is known as a "configuration". I want to come up with an encoding or hashing algorithm that wil allow me to uniquely identify a configuration in the matrix, by co...
I have got numbers in a specific range (usually from 0 to about 1000). An algorithm selects some numbers from this range (about 3 to 10 numbers). This selection is done quite often, and I need to check if a permutation of the chosen numbers has already been selected. e.g one step selects [1, 10, 3, 18] and another one [10, 18, 3, 1] the...
I'm looking at hashing algorithms, but couldn't find an answer. Bcrypt uses Blowfish Blowfish is better than MD5 Q: but is Blowfish better than SHA512? Thanks.. Update: I want to clarify that I understand the difference between hashing and encryption. What prompted me to ask the question this way is this article, where the autho...
Can anybody explain the logic behind the use of djb2 hash function as a good option for strings. The algorithm can be found at http://www.cse.yorku.ca/~oz/hash.html Why is it that 5381 and 33 hold such an importance in djb2 algorithm ??? Thanks, De Costo ...
My coworker and I are having a fist-fight civilized discussion over password security. Please help us resolve our differences. One of us takes the viewpoint that: Storing passwords encrypted using a public key in addition to a one-way hashed version is OK and might be useful for integration with other authentication systems in the fut...