pbkdf2

问题 We wanted to benchmark the hash_pbkdf2 function in PHP to select an appropriate number of iterations for our application to use. When I ran my benchmark script on an m4.large AWS instance, it took five orders of magnitude longer to run than it does on my laptop. This Gist shows the script I am using, and the results I get from an m4.large instance (under load), a t2.micro instance (with full CPU credits and no load) and three different speed Intel i7 laptops. https://gist.github.com/roberthl

问题 I am trying to learn cryptography with saving passwords in database with hashing and salting, so I decided to make a login-system trying implementing this system. My database consist of UserID int PK Username varchar(250) Salt varbinary(64) Password varbinary(64) RegDate datetime Email varchar(250) I am using PBKDF2 , but it seems like this isn't a hashing / salting method, what is it if it isn't? If so I am doing this right? My Keys private const int SALT_SIZE = 64; private const int KEY

问题 I have to translate this Python code to NodeJS: from passlib.hash import pbkdf2_sha256 pbkdf2_sha256.verify('12345678', '$pbkdf2-sha256$2000$8R7jHOOcs7YWImRM6V1LqQ$CIdNv8YlLlCZfeFJihZs7eQxBsauvVfV05v07Ca2Yzg') >> True The code above is the entire code, i.e. there is no othe parameters/settings (just run pip install passlib before you run it to install the passlib package). I am looking for the correct implementation of validatePassword function in Node that will pass this positive

问题 Edit: my question has been updated, check the bottom of this post for the latest issue. I left the rest up for people who want to read the whole story :) I've been working on translating a small Java application into Node.js, which for the most part has been going very well. I've had to look up a lot of Java functions to figure out what they do and how to replicate their behaviour in Node (since I have pretty much no experience whatsoever with Java), but I got most of the functionality

问题 I have a database from django and I want to work with it from Node.js. I have a task: authenticate users. Known from database: algorithm pbkdf2_sha256, salt, 10000 iterations and base64-encoded hash. What steps I must to do in JS to encode some password to given base64-hash? UPD: found the solution in here: python (django) hashlib vs Nodejs crypto but Django-generated hash and JS-generated hash not match... Django generate next: pbkdf2_sha256$10000$NmzpPCQiTe2R$U8ipSsOy3Xz7FwWDHdH

问题 My function is as follows: pbkdf2($raw_pw,$salt,1000,128) 1000 is the number of passes, and 128 is the key size. The function returns a binary key which I use base64 to store it in the database. My question is: what's the recommended keysize and salt size for pbkdf2 using sha512? will a keysize of 32 be just as secure as a keysize of 128? 回答1: 1000 is the number of iterations, not passes. 128 Is the length at the end. According to Wikipedia (and my own little knowledge about cryptography) you

问题 After the linkedin password hash leak, I've been looking at our password hashing. We using Django 1.4 which uses PBKDF2, which is great and a step up from the previous SHA1. However I'm curious how easily one could brute force that. I'm looking at our password complexity rules, and am wondering how fast it'd take to do (say) 8 length lower case ascii letters. This guide to cracking the LinkedIn password hash, has someone doing 430 million sha1 hashes per second on a GPU. http://erratasec

问题 Recently I have been digging into cryptography and getting hashing and encryption functions working in Excel which I might use in a project I am working on. I got simple hashing functions working using, for example: Function Hash(ByVal plainText As String) Dim utf8Encoding As Object Dim hashManager As Object Dim hashBytes() As Byte Set utf8Encoding = CreateObject("System.Text.UTF8Encoding") Set hashManager = CreateObject("System.Security.Cryptography.SHA512Managed") hashBytes = utf8Encoding

问题 I am relatively new to php, and just beginning to grasp the point of salt when it comes to hashing passwords (I think?). Anyways, here's my problem... Right now I have a mysql database with a username, password, salt field. The password field length is 64 chars, the salt field is 3 chars. Upon registry, each username is assigned a random salt. I am not having any issues with this (I believe). First, the user's desired password is hashed via: $hashedinput = hash ('sha256', $input); The user's

问题 It seems that I have a thread-safety issue with Cipher and/or PBEKeySpec. JDK : 1.8.0_102, 1.8.0_151 and 9.0.1+11 PBKDF2 algorithm: PBKDF2WithHmacSHA1 Cipher algorithm: AES/CFB/NoPadding Key algorithm: AES I know these classes aren't tread-safe if we use the same instances, but that's not the case, I'm getting a new instance at each decode. But even that, sometimes the decode fails, there is no exception, just an unexpected decoded value. I've been able to reproduce the problem: @Test public