home.social

#hashing — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #hashing, aggregated by home.social.

  1. «Security — 60% of MD5 password hashes are crackable in under an hour:
    Happy World Password Day! Maybe it's finally time to kill this holiday in favor of World No-More-Passwords Day?»

    I don't want to know where MD5 is still being used for services in the background. The dark side is certainly bigger than we assume.

    🔓 theregister.com/security/2026/

    #nomorepasswords #itsecurity #itsec #security #happyworldpolarbearday #md5 #hashing

  2. Matrix Hashing uses two hash functions and a 2D array to achieve O(1) lookups with minimal collisions and a small sorted overflow for scalable systems. hackernoon.com/matrix-hashing- #hashing

  3. Ever thought hashes could paint colors or shape avatars?
    In this new Quarkus tutorial, I explore creative uses of Apache Commons Codec — from deterministic color generation to distributed fingerprints.

    🔗 the-main-thread.com/p/creative

    #Java #Quarkus #ApacheCommons #Hashing #Coding

  4. Can there be a #password #hashing algorithm that considers the distance between each character key on a keyboard (of some specific layout, say QWERTY)? The difficulty of hitting the correct character on a small 26-key on-screen keyboard on my phone is making me think whether we should have a relaxed algorithm that gives some fault tolerance... (Surely it'll not be as secure, but it could allow longer passwords on phones.)

  5. New crate published: crates.io/crates/souphash

    SoupHash: an order-independent hash function. Designed to be used for hashing unordered collections, or hashing over multiple threads.

    This has not been extensively reviewed, so any kind of feedback is more than welcome!

    #RustLang #Crate #Hashing

  6. Hashing is an Integrity control that helps ensure data has not been tampered with. It provides a unique digital fingerprint for verification. #Hashing

  7. Ah yes, because the world was desperately incomplete without a way to hash a 25-byte string in merely 68 clock cycles. 😴🔧 Meanwhile, the rest of us are still waiting for the riveting sequel where we parallelize the #parallelization of parallelizing. 🚀💼
    controlpaths.com/2025/06/29/pa #hashing #innovation #tech #humor #developer #life #HackerNews #ngated

  8. 🎲 Oh, the joys of #hashing your way to oblivion! It's somehow "groundbreaking" that the #math behind hash collisions is akin to picking a random box 🤯. Who knew computer science could be distilled into a carnival game? 🎪📚
    kevingal.com/blog/collisions.h #hashcollisions #computerscience #carnivalgame #groundbreaking #HackerNews #ngated

  9. Hashes for the Masses: Finding What Matters in a Sea of Samples

    A short while back, I released a pair of tools for building MD5 hash sets — one targeting known-good gold builds, the other designed for scanning malware corpora. The goal was simple: generate hash sets that could be used in forensics tools like Axiom Cyber to flag IOC matches during case processing.

    Recently, I hit a familiar problem: I had a hash and wanted to know if that file existed in my malware library. Step one was updating my tooling to support SHA256 — the modern standard for hash sharing — and regenerating the hash sets. That part worked. I could search for a hash and confirm whether it appeared in my set.

    But what if I got a match?

    At that point, I realized: I had no way to correlate the match back to the original file. With ~30,000 samples in the library, “just eyeballing it” wasn’t an option.

    As I’ve been coding up new tools — or revisiting earlier ones — I’ve discovered that rabbit holes have rabbit holes.

    So I updated the SHA256 tool to not only generate a hash set, but also produce a .tsv lookup table mapping each hash to its full file path. This made the sets usable both in forensics platforms and for custom lookups in more ad hoc workflows. As they say: necessity is the mother of intention.

    Of course, that led to another realization. I now had four hashing tools — two for MD5 (MZ and non-MZ), and two for SHA256. The “Hashing Tools” section in MalChela was getting a bit crowded.

    Back to the drawing board.

    The Result: Three Unified Tools

    I consolidated and upgraded everything into three tools — all of which support both CLI and GUI usage.

    #️⃣ MZHash (replaces mzmd5)

    • Uses YARA to recursively scan for files with an MZ header (i.e., Windows executables and DLLs)

    • Generates one hash file per selected algorithm: MD5, SHA1, SHA256

    • Also creates a .tsv lookup file for each, mapping hashes to paths

    cargo run -p mzhash /directory/to/scan -- -a MD5 -a SHA1 -a SHA256

    Via GUI, you can browse to the folder and check boxes for each algorithm.

    🌐 XMZHash (replaces xmzmd5)

    • Uses YARA to skip over files with MZ, ZIP, or PDF headers

    • Hashes everything else — ideal for surfacing Linux, Mac, or unusual samples from a mixed malware corpus

    • Also supports .tsv lookup file generation

    cargo run -p xmzhash /directory/to/scan -- -a MD5 -a SHA1 -a SHA256

    The idea: hash what’s not obviously Windows, document-related, or un-extracted samples.

    🔍 HashCheck

    Okay, so naming might not be my strong suit. But this tool’s direct.

    • Provide a hash value and a .txt or .tsv hash set

    • It checks for matches, and if you’re using a .tsv, it shows the file path of the match

    • Great for live triage, corpus hunting, or checking known-bads

    cargo run -p hashcheck ./hashes.tsv 44d88612fea8a8f36de82e1278abb02f

    In Summary

    MalChela 2.2.1 expands its hashing toolkit with the introduction of HashCheck, MZHash, and XMZHash — giving analysts faster ways to flag known-good, isolate unknowns, and build actionable sets. In this release, we’ve also said goodbye to legacy tools, standardized output saving, and doubled down on clarity across both CLI and GUI workflows.

    Download: https://github.com/dwmetz/MalChela/releases

    User Guide: https://dwmetz.github.io/MalChela/

    #Axiom #DFIR #Forensics #hashing #Malware #Rust #yara

  10. Merkle tree: How do you verify data integrity without full access?

    Hashing is a simple and reliable way to verify data integrity. But what if you need to make sure that a piece of data belongs to a particular set? For example, to verify a single transaction in a Bitcoin block or a chunk of a file in BitTorrent? A unique data structure is used for this: the Merkle tree. In this article you will learn how to use it to verify data without access to its full volume.

    habr.com/ru/articles/873718/

    #merkleproof #merkle_tree #merkle_patricia_tree #blockchain #bitcoin #bittorrent #hash #hashing #distributed_systems #guide

  11. @spmatich @ibk @phoebematich

    For medical records you can imagine we want to know, and show, that the record we see is the record that was made, all of it, and only it.

    This may be accomplished by passing the (element of the) record through a #trapdoor #function, or #hashing #algorithm such as SHA1 (secure hash algorithm 1) and sending the hash somewhere else.

    The hash is small, compared with the medical note, and tiny compared to a photograph.

  12. So ... due to an early obsession with historical BSD hashes ... I have significantly more bcrypt hashrate-per-watt cracking capacity than most solo shops. For bcrypt cost 12, it's about 34Kh/s straight wordlist -- the equivalent of about 17 4090s -- at only 1100W (these old Bitcoin FPGAs are very efficient for bcrypt specifically). And this capacity is intermittently idle, which is kinda a shame.

    I haven't really put it out there as something I can help with if needed (outside of the Hashcat team). So ... feel free to ping me if you need bcrypts cracked/audited!

    (Reasonable rates, but note that I do have a pretty firmly high bar for provenance / proof of authorization)

    (Rat's nest of USB has been cleaned up a bit 😅)

    #bcrypt #PasswordCracking #hashing

  13. 'Random measure priors in Bayesian recovery from sketches', by Mario Beraha, Stefano Favaro, Matteo Sesia.

    jmlr.org/papers/v25/23-1058.ht

    #hashing #priors #prior

  14. When a target hashlist has a significantly lower percentage of cracks than expected, I've started calling the remaining/missing cracks "dark matter".

    Some potential causes of cracking "dark matter":

    • Site changed methodologies later: switched to a nested hash, added a pepper, HSM, true encryption layer, etc.

    • High number of automatically random-ish passwords: defaults, resets, bots, randomized on account lock, etc.

    • Complexity requirements higher than expected: high minimum length, etc.

    • Attacker (me) is missing key info: language, encoding, demographics, etc.

    What could other causes be?

    #Hashing #PasswordCracking

  15. 🚀 Excited to share: I just published a new blog post on scaling strategies at Wix Engineering:
    🔹 When to switch to horizontal scaling?
    🔹 How to choose the perfect routing or sharding key?

    We'd love for you to check it out: medium.com/p/29ab44b2d5b4

  16. SSDeep and All, All, All

    For External Attack Surface Management (EASM) systems, which continuously churn through the vast expanse of the Internet, the ability to efficiently identify duplicate or closely related content is essential. To solve this problem, we at CyberOK have integrated various mechanisms into SKIPA, from trivial regexes to large language models (LLMs). In this article we look at one such trick: the use of fuzzy hashing (aka similarity hashing).

    habr.com/ru/companies/cyberok/

    #ssdeep #easm #hashing #хеширование

  17. So @solardiz presented a talk on "Password cracking: past, present, future" at OffensiveCon last week. Definitely worth a read - bringing his usual disciplined thinking to a topic he knows very well.

    He includes both historical and taxonomical perspectives, both of which I appreciate. Apparently, one of the first password-cracking contests was in 1982? (This was a password cracker contest - seeking the best cracking software!)

    openwall.com/presentations/Off

    [Will update post if video of the talk itself appears.]

    #passwords #hashing
    #PasswordCracking

  18. Is someone else missing the "ad" parameter (optional secret data) in the Argon2 command line tool?
    🤔 AFAIK it is also missing in all JavaScript bindings. Not the case for the active Rust binding that uses this secret parameter though

    #argon2 #hash #keyed_hashing #hashing #password_hashing #linux

  19. [Paper of the day][#18] How do you triage #malware? How do you tell two files are similar? An interesting static analysis approach is to use #similarity #hashing tools, such as #ssdeep and #sdhash. However, to be effective, their application can't be straightforward, but should follow a protocol. In this paper, we discuss how to efficiently apply these functions for malware family classification. We show that hashing only the instruction disassembly has a greater impact than hashing the entire file. Check this result and much more.

    Academic paper: sciencedirect.com/science/arti
    Archived version: secret.inf.ufpr.br/papers/marc

  20. @digitalcourage.de @digitalcourage

    Unfortunately, after cutting up the conversation with Sebastian Meineck, the Funk editorial team spliced it back together incorrectly at one point and created a false context:

    #E2EE is not circumvented by #hashing, but by #keylogging and #screenshotting.

    Such an #Uploadfilter also needs a database of media hashes, but that is independent of whether E2EE is circumvented or broken.