I’m attempting to learn C++ right now, but I am struggling on this project from here: https://ucsb-cs32.github.io/f19/lab/lab04a/
I’m desperate for help right now, as I have no idea how to do it. If anybody would be so kind as to explain how to do this project in detail, that would be wonderful.
This might be a very easy question. Let’s consider cryptograhic hash functions with the usual properties, weak and strong collision resistance and preimage resistance.
For any given output, obviously there are multiple inputs. But is that necessarily an infinite number of preimages, for any given hash value?
How would I go about giving a formal proof that there exists no crypto hash function h() such that there is a given value v = h(m*) for which the possible set of inputs m* is finite? Would this necessarily break collision resistance?
I have a list of malicious hashes. I want to scan the end system with that list to find if the file is present. Please let me know if any script available for same
I have a router
Huawei HG8145V5 and I backup config file in order to find root password, but I found that password is encrypted and here is how does it look like
UserName="root" Password="$ 2tMx=+eY3+*g46l*b@Uk<3YN$ L`<#K!j(5a%(5\G1ma7;;hP=RH.:q[XMze!FL43,O#}Fz9zLFQ6/>!:)aHY:QL/Bg<TMj(5^U2$ I$ " Salt="8d72593e65eac9eccfc75ce7"
I tried SHA256(MD5(password)) but its not sha256 its something diferent
I’m looking for established patterns of how to handle the stored password hash and the hash of the password for the current login attempt. These are the principles I’m looking to satisfy I think:
1) minimize transit time of the plain text password -> hash password immediately after the POST request is submitted. I understand client side hashing could be combined with server side hashing, but I’m not considering that at this moment.
2) minimize transit of the stored (correct) hash -> this is the authoritative hash, so attempt to minimize attack surface area. Bring the password hash for the current login attempt to the hash storage medium (or close to it).
Regarding the handling of the stored hash, I found a source that was discussing the use of a separate table (or DB) with separate credentials, and stored procedures to compare the incoming login hash. However, I can’t find that source again. If anyone has an authoritative link to a discussion on this topic, I would be interested.
In the end, I would lean towards a method that affords good security, and is relatively easy to do correctly. I’d like to avoid a method that should provide the best security, but is difficult to do correctly, thereby forfeiting the security benefit.
Q: At some point, I need to compare the stored hash with the login hash, but it isn’t clear WHERE I should do this. Is there a commonly accepted place in code to do so?
Q: Are there other aspects of hash management that I’ve overlooked so far?
I read a C++ implementation of a hash map here. https://www.geeksforgeeks.org/implementing-hash-table-open-addressing-linear-probing-cpp/
Let’s say key
k1 has a hash index of
h. Suppose there’s a collision with key
k2 such that
hash(k1) == hash(k2). Then won’t the new hash index of
Key: k1 Index: h Key: k2 Index: h+1
Suppose we introduce a third key
k3 such that
hash(k3) == h+1. Then when we insert
k3 into the hash map, its hash index will become
Key: k1 Hash value: h Hash table index: h Key: k2 Hash value: h Hash table index: h+1 Key: k3 Hash value: h+1 Hash table index: h+2
This can cause the hash indexes for keys to be shifted over 1 in the case of collisions (as seen above), and if collisions happen frequently then they could be shifted over more than once.
Is this a bad implementation of a hash map? From an aesthetic point of view I prefer the linked approach, where each hash node has a pointer to a next node, such that if multiple nodes have the same hash index, they are all part of the same linked list starting at that hash index.
In the linked approach, at least we have the assurance that a key will logically correspond to its hash index in the hash table, even if it’s part of a linked list (in which case it doesn’t physically correspond, but logically still does, since the head of the linked list is stored there).
Is the implementation of the hash map in GeeksForGeeks bad? Is the linked approach more logical and intuitive? What are your thoughts?
Note: The linked approach I refer to is simply to store a linked list at each hash index in the hash table, such that if multiple keys are hashed to that index, they are stored in this linked list.
If I know the hash of a program you intend to install is d306c9f6c5…, if I generate some other file that hashes to that value, I could wreak all sorts of havoc. – from https://nakamoto.com/hash-functions/
Theoretically, If you know the hash of a program one intends to install and you generate another file that hashes to that value what could you do?
i need help with this: for an exercise i need to crack this hash
$ apr1$ cy5UgTjB$ 1D.TuLHrP.Q5ZN7evMbRS1 I found with hash-identifier that it’s a MD5(APR) hash, -m 1600 in hashcat. So i runned:
hashcat -a 0 -m 1600 $ apr1$ cy5UgTjB$ 1D.TuLHrP.Q5ZN7evMbRS1 /usr/share/wordlists/rockyou.txt --force
But i get this error
Hash 'D.TuLHrP.Q5ZN7evMbRS1:asltey': Separator unmatched No hashes loaded.
Do you know why? Thank you.
I learnt about “perfect square hashing” – a stacking algorithm given a S subset U subset of N-size keys, creating the O(N^2) hashing table and mapping the keys to it O(N). After creating the table each key search takes O(1).
But I want to work under a different assumption:
At the start of the algorithem we only get N, the size of the subset of keys that we will need to add to the data structure during the entire run, but we will receive the keys themselves during the run in a scattered way and we do not know what those keys will be (only they are from our U key space). We want running time O(1) (not for expectation) for every income and search during the run.
I need to propose a data structure (and algorithms) that, given N (the number of keys that will enter the data structure when used) is initialized in O(N^2) and then allows insertion and search of keys so that the probability is greater than 1/2. Each of these operations run time is O(1) for each key during the run.
I can’t find anything to work as expected, can you help me?
I was intercepting some HTTP POST requests while doing some pentests for the company i work for and i found this POST request:
I ran this through several hashing sites to see if it was a simple MD5 or SHA1 but no luck.
Some backstory…this was from some authentication via an inductive automation app.