I’m evaluating Rust password hashing functions, specifically Argon2, scrypt, PBKDF2. I’m using the RustCrypto open source implementations. I have three simple demos in case you want to try these yourself:

* https://github.com/joelparkerhenderson/demo-rust-argon2
* https://github.com/joelparkerhenderson/demo-rust-scrypt
* https://github.com/joelparkerhenderson/demo-rust-pbkdf2

I’m seeking advice please, such as pros and cons. The context is medical software where hashing is on generally modern machines. I’m aware

Netflix announced its global crackdown on password sharing was working and unveiled plans to increase prices as it announced its latest quarterly results on Wednesday. The streaming media company added 8.8 million new subscribers over the last three months, far better than expected and up from 2.4 million in the same quarter last year. The increase

Businesses can now automate threat detection for 1Password and their broader work environment with Obsidian Security, a security platform for software as a service (SaaS) tools. Keeping your organization secure online is a never-ending challenge, especially when you have hundreds or thousands of employees. People are great at many things but following ever-changing cybersecurity best practices

Security
By Brian Pontarelli

Here’s the reality, billions of credentials have been leaked or stolen and are now easily downloaded online by anyone. Many of these databases of identities include passwords in plain text, while others are one-way hashed. One-way hashing is better (we’ll get to why in a second), but it is only as secure as

Your password must include puzzles — Creator offers a glimpse into how he made this fun, infuriating “Mess of RegEx.”
Kevin Purdy – Jun 28, 2023 2:38 pm UTC
[Image caption: Abandon all hope, ye who choose a password here. Credit: Neal.fun/Neal Agarwal]

I once worked at a small-town newspaper, part of a micro-chain of four publications.

My assertion below. Prove me wrong :)

I had a debate with somebody about passkey today, and it's clear that a lot of people don't understand the basic tenets of strong authentication, which is best done with at least:

1. Something you know
2. Something you have

This is the heart of MFA. The problem with passwords is

I got a 2 way authentication warning from GitHub that someone in Canada successfully entered my GitHub password and was stopped by 2 way authentication.

Normally session warnings are business as usual but in this case my password was entered and it was generated by a password manager with high entropy, was only stored in Dashlane

I understand that when using 1Password with a regular password, the password (and your generated token) is used to encrypt your public/private key and store them locally, perhaps in localstorage?

But you have the option to use SSO with Okta on 1Password as well. When using that I don't think that the client is able to


TLS is the trusted way of sending messages over a TCP connection. TLS by default encrypts the payload before sending and decrypts after receiving the payload. But if you send plain text on a normal connection, then it can be easily spoofed. So, if we send a password as plain text in the normal TCP…