-
`lg(7776**4) ~= 51.7`
Is 51.7 bits of entropy really that good for a WPA2 password, if a DES key (54 bit key) takes an average of 12 hours to brute force (24 hours in the worst case)?
Extrapolating …
-
The naive version is MUCH faster. I think something is horribly wrong with the salt running of the supposed fast version.
Here are some timings of REAL WORK (not -test speeds). Yes, I know that the…
jfoug updated
10 years ago
-
The issue doesn't exist in core, just in bleeding-jumbo.
I tested on a 64bit Fedora 20 system:
```
$ ./john|head -n 1
John the Ripper password cracker, version 1.8.0.2-bleeding-jumbo_omp [linux-gnu 6…
-
I recently read this stack:
http://stackoverflow.com/questions/18605294/is-devises-token-authenticatable-secure
in short they say that auth tokens should:
- changed after every request,
- of cryptogr…
-
The algorithm used to protect passwords is not secure. SHA1 has not been exposed the way MD5 has, but if you're going to use SHA1 you need to use PBKDF2 with the hash_hmac() algorithm. Otherwise, use …
-
```
$ ./john --format=MSCHAPv2 --list=format-tests |cut -f 4 > MSCHAPv2.pw
$ ./john --format=MSCHAPv2 --list=format-tests |cut -f 3 > MSCHAPv2.hashes
$ ./john --format=MSCHAPv2 MSCHAPv2.hashes --word…
-
While running a local VM, I got an error about some compress key missing and that I needed to run `manage.py compress`. This is a new issue, but it looks like compress has been around for some time.
…
-
I have problems with this short section - don't know whether they're mine only...
"To a modern attack, salts quite simply don't matter". I could not find out why not. Here is my explanation why slat …
-
-
Lot of people are inquiring about when the new jumbo release will be made. It has been a while since 1.8.0 came out.
It's time to release 1.8.0-jumbo1, guys!
CC @hdm.