VirtualTam's bookmarks

1. Storing hashes: bcrypt, pbkdf2, sha256-crypt, sha512-crypt 2021-01-03

   tags: cryptography, cryptography/hash, cryptography/hash/bcrypt, cryptography/hash/pbkdf2, cryptography/hash/sha, security/password

   [ permalink ]

   • https://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage
   • https://security.stackexchange.com/questions/17421/how-to-store-salt
   • https://codahale.com/how-to-safely-store-a-password/
   • https://security.stackexchange.com/questions/133239/what-is-the-specific-reason-to-prefer-bcrypt-or-pbkdf2-over-sha256-crypt-in-pass
   • https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords/31846
2. How would git handle a SHA-1 collision on a blob? - Stack Overflow 2015-02-14

   tags: algorithm, code, collision, commit, cryptography/hash, patch, review, security, sha1, source-code-management/gerrit, source-code-management/git

   [ permalink ]

   • https://en.wikipedia.org/wiki/SHA-1
   • http://stackoverflow.com/questions/1867191/probability-of-sha1-collisions
   • http://en.wikipedia.org/wiki/Birthday_problem

   Some thoughts we had while toying with Gerrit, which artificially tracks different commits to group them as "patch sets", by using a Change-Id SHA-1 in the commit message:

   • https://gerrit-review.googlesource.com/Documentation/cmd-hook-commit-msg.html
   • https://gerrit.googlesource.com/git-repo/+/master/hooks/commit-msg
3. gitbrute: bruteforce a Git commit SHA-1 2015-02-14

   tags: collision, commit, cryptography/hash, sha1, source-code-management/git

   [ permalink ]

   Applied example: https://github.com/bradfitz/deadbeef

4. FIPS 180-1 - Secure Hash Standard 2013-08-18

   tags: cryptography/hash, cryptography/hash/sha, development, privacy, security

   [ permalink ]