HMAC security - Is the security of the HMAC based on SHA-1 affected by the collisions attacks on SHA-1?
Is the security of the HMAC based on SHA-1 affected by the collisions attacks on SHA-1? ...
sha1
Which .NET SHA1 class is FIPS compliant?
I'm using the SHA1Managed class in my code, but this causes a problem when I run it on a particular machine. I get this exception: System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. The problem is caused by SHA1Managed, which is not FIPS compliant. ...
How to set MessageDigest seed?
The MessageDigest class implements the SHA-1 algorithm (among many others). The SHA-1 algorithm allows one to use different "seeds" or initial digests. See SHA-1 Psuedocode The algorithm initializes variables, or the seed: Initialize variables: h0 = 0x67452301 h1 = 0xEFCDAB89 h2 = 0x98BADCFE h3 = 0x10325476 h4 = 0xC3D2E1F0 Howev...
OpenFire: SHA-1 passwords without blowfish encryption.
Hi All, I want to be able to create users that have a straight up SHA-1 password. No Blowfish, nothing special, just plain old vanilla SHA-1. The only way I have been able to accomplish this so far has been to extend DefaultUserProvider and override the createUser, making the following change: if (!usePlainPassword) { try { ...
Is there anything like SHA1CryptoServiceProvider (Which is C#) in Objective-C?
I am trying to create a serial number checker in an app that I am writing, and it uses cryptography to encode the name and entered number against what it actually should be. I am familiar with the SHA1CryptoServiceProvider used in C#, but is there anything like this in Objective-C? Here is sample code from C# that I want to convert to...
What are the advantages of Digest::SHA over Digest::SHA1?
Are there any advantages in using Digest::SHA over Digest::SHA1 or vice versa? both seem to be maintained but I don't see a reason for Digest::SHA1 to even exist with the existence of Digest::SHA. ...
Objective C: SHA1
Hi, How do i sha1 a string or set of numbers in Objective c? ...
SHA1 collision demo / example
This question is similar to this, but that one only references MD5 collision demos. Are there any actual SHA1 collision pairs of arbitrary messages known so far ? I'd like to use these to test how various software products (my own one and some third party) deal with it. Doing some Google searches only turned up the oh-so prominent MD5...
Mysql is clipping the last character off password regardless
Hello I am using a salted sha1 string to store activation strings. PHP is generating the strings correctly, but I have a problem storing them. Using varchar or char and field length from 64 up to 180, mysql is removing the last character regardless. Does anyone know why that would happen? edit: CREATE TABLE `users` ( `id` int(6) NO...
Why are Crypto++ and Ruby generating slightly different SHA-1 hashes?
I'm using two different libraries to generate a SHA-1 hash for use in file validation - an older version of the Crypto++ library and the Digest::SHA1 class implemented by Ruby. While I've seen other instances of mismatched hashes caused by encoding differences, the two libraries are outputting hashes that are almost identical. For insta...
Generate a PHP UTF-16 SHA1 hash to match C# method
I'm trying to replicate some C# code in PHP5 and am having some difficulties. The C# code is as following, and it is important to note that it cannot be changed: string s = strToHash; UnicodeEncoding encoding = new UnicodeEncoding(); byte[] bytes = encoding.GetBytes(s); SHA1Managed managed = new SHA1Managed(); bytes = encoding.Get...
Java SHA1withDSA to PHP, convertible?
Any success in implementing SHA1withDSA signature with PHP? A failure reported here. PKCS8EncodedKeySpec prvSpec = new PKCS8EncodedKeySpec(prvKeyBytes); KeyFactory keyFactory = KeyFactory.getInstance("DSA"); PrivateKey prvKey = keyFactory.generatePrivate(prvSpec); Signature sig = Signature.getInstance("SHA1withDSA"); sig.initSign(prvKey...
What should I encode my passwords to?
I'm starting a new ASP.Net application from scratch. What should I use to encode passwords and what should my column be? Just a simple varchar(512)? Thanks for any advice. ...
Trying to hash a password.
Note: I will not be using salts. Thanks for your advice though! I'm testing how to hash a password using SHA1 and can't seem to wrap my head around it. My database column is Password char(40) not null. Here's my code: using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.IO; using System.Se...
git fsck reporting "sha1 mismatch"
We have the following problem while running the git fsck --full --strict command: error: sha1 mismatch ced885d12a0677f2db9025e1e684c72e67283fcd error: ced885d12a0677f2db9025e1e684c72e67283fcd: object corrupt or missing error: sha1 mismatch cf5a1546bd2de5611eaf6136fb5ca02b4e358bec error: cf5a1546bd2de5611eaf6136fb5ca02b4e358bec: object...
Pitfalls of encrypting (with salt) of a md5-hashed-password (php)
A client has a huge userbase and I'm required to encrypt/hash passwords in a secure manner. The problem is I can't ask every user to change their password and the passwords are already hashed with md5() without a salt. One way of doing this is to encrypt the current passwords with a salt and when a user changes or resets the password i j...
PHP different one way hashes for password security
I was wondering to hash the password in PHP using different methods available and the combination of them for more and more security. I was wondering if this would work..? $pass = "***"; $salt = "!@)#%%@(#&@_!R151"; $pass = sha1($pass.$salt); $pass = md5($pass); ...
Java MessageDigest and .NET SHA1Managed - hashes not matching
I have some .net code that generates a SHA1 hash on an xml document and need it to match a SHA1 hash generated on the same xml document in java code. The xml doc is sent to the java system and they generate a hash and match against the one i send to verify they are getting the document I intended them to. Below are the snippets in use ...
Can someone explain how salts help when storing hashed passwords?
I am having difficulty understanding how a salt which is appended to a hash helps improve the security when a database of passwords or other important information is compromised. If the salt is, for example, "hello", and is appended to the password "password" then the salt and password are stored together, "hellopassword" and hashed to ...
Why is a SHA-1 Hash 40 characters long if it is only 160 bit ?
The title of the question says it all. I have been researching SHA-1 and most places I see it being 40 Hex Characters long which to me is 640bit. Could it not be represented just as well with only 10 hex characters 160bit = 20byte. And one hex character can represent 2 byte right? Why is it twice as long as it needs to be? What am I miss...