home.social

#sha512 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #sha512, aggregated by home.social.

  1. Mal eine Frage zu #crypt, #SHA512 und #base64 :

    Ich habe aus einem Excel-VBA-Dokument einen base64 kodierten Passworthash samt Salt und Rundenzahl. ...

    #John #JtR mag den aber leider nicht erkennen, weil er von Excel mit dem "normalen" base64 codiert wurde (zwei "==" am Ende) und die falsche Länge hätte.
    Crypt verwendet aber offenbar eine "spezielle Variante" von base64. 🤔

    KEnn jemand einen Weg, diesen standard-base64-hash in einen crypt-base64-hash umzuwandeln?

  2. Mal eine Frage zu #crypt, #SHA512 und #base64 :

    Ich habe aus einem Excel-VBA-Dokument einen base64 kodierten Passworthash samt Salt und Rundenzahl. ...

    #John #JtR mag den aber leider nicht erkennen, weil er von Excel mit dem "normalen" base64 codiert wurde (zwei "==" am Ende) und die falsche Länge hätte.
    Crypt verwendet aber offenbar eine "spezielle Variante" von base64. 🤔

    KEnn jemand einen Weg, diesen standard-base64-hash in einen crypt-base64-hash umzuwandeln?

  3. Mal eine Frage zu #crypt, #SHA512 und #base64 :

    Ich habe aus einem Excel-VBA-Dokument einen base64 kodierten Passworthash samt Salt und Rundenzahl. ...

    #John #JtR mag den aber leider nicht erkennen, weil er von Excel mit dem "normalen" base64 codiert wurde (zwei "==" am Ende) und die falsche Länge hätte.
    Crypt verwendet aber offenbar eine "spezielle Variante" von base64. 🤔

    KEnn jemand einen Weg, diesen standard-base64-hash in einen crypt-base64-hash umzuwandeln?

  4. Mal eine Frage zu #crypt, #SHA512 und #base64 :

    Ich habe aus einem Excel-VBA-Dokument einen base64 kodierten Passworthash samt Salt und Rundenzahl. ...

    #John #JtR mag den aber leider nicht erkennen, weil er von Excel mit dem "normalen" base64 codiert wurde (zwei "==" am Ende) und die falsche Länge hätte.
    Crypt verwendet aber offenbar eine "spezielle Variante" von base64. 🤔

    KEnn jemand einen Weg, diesen standard-base64-hash in einen crypt-base64-hash umzuwandeln?

  5. Реализация SHA256 и SHA512 на языке RUST

    Небольшая заметка студента о том, как самостоятельно реализовать алгоритмы SHA256 и SHA512 на Rust. Статья будет полезна всем, кто интересуется криптографией, хочет повысить уровень безопасности своих приложений или просто расширить свои знания в области программирования на Rust.

    habr.com/ru/articles/811639/

    #sha256 #sha512 #rust #криптография #хэширование #хэшфункция #пошаговая_инструкция #программирование

  6. Реализация SHA256 и SHA512 на языке RUST

    Небольшая заметка студента о том, как самостоятельно реализовать алгоритмы SHA256 и SHA512 на Rust. Статья будет полезна всем, кто интересуется криптографией, хочет повысить уровень безопасности своих приложений или просто расширить свои знания в области программирования на Rust.

    habr.com/ru/articles/811639/

    #sha256 #sha512 #rust #криптография #хэширование #хэшфункция #пошаговая_инструкция #программирование

  7. Реализация SHA256 и SHA512 на языке RUST

    Небольшая заметка студента о том, как самостоятельно реализовать алгоритмы SHA256 и SHA512 на Rust. Статья будет полезна всем, кто интересуется криптографией, хочет повысить уровень безопасности своих приложений или просто расширить свои знания в области программирования на Rust.

    habr.com/ru/articles/811639/

    #sha256 #sha512 #rust #криптография #хэширование #хэшфункция #пошаговая_инструкция #программирование

  8. Реализация SHA256 и SHA512 на языке RUST

    Небольшая заметка студента о том, как самостоятельно реализовать алгоритмы SHA256 и SHA512 на Rust. Статья будет полезна всем, кто интересуется криптографией, хочет повысить уровень безопасности своих приложений или просто расширить свои знания в области программирования на Rust.

    habr.com/ru/articles/811639/

    #sha256 #sha512 #rust #криптография #хэширование #хэшфункция #пошаговая_инструкция #программирование

  9. PuTTY 使用 ecdsa-sha2-nistp521 的漏洞

    看到「PuTTY vulnerability vuln-p521-bias (greenend.org.uk)」這個消息,官網的說明在「PuTTY vulnerability vuln-p521-bias」這邊。

    DSA 類的簽名演算法有個得很小心的地方,是 nonce 選擇不當會造成 key recovery,這在原文有提到:

    All DSA signat

    blog.gslin.org/archives/2024/0

    #Computer #Murmuring #Network #Security #Software #cryptography #generation #key #nist #p521 #p521 #putty #puttygen #security #sha512

  10. PuTTY 使用 ecdsa-sha2-nistp521 的漏洞

    看到「PuTTY vulnerability vuln-p521-bias (greenend.org.uk)」這個消息,官網的說明在「PuTTY vulnerability vuln-p521-bias」這邊。

    DSA 類的簽名演算法有個得很小心的地方,是 nonce 選擇不當會造成 key recovery,這在原文有提到:

    All DSA signat

    blog.gslin.org/archives/2024/0

    #Computer #Murmuring #Network #Security #Software #cryptography #generation #key #nist #p521 #p521 #putty #puttygen #security #sha512

  11. PuTTY 使用 ecdsa-sha2-nistp521 的漏洞

    看到「PuTTY vulnerability vuln-p521-bias (greenend.org.uk)」這個消息,官網的說明在「PuTTY vulnerability vuln-p521-bias」這邊。

    DSA 類的簽名演算法有個得很小心的地方,是 nonce 選擇不當會造成 key recovery,這在原文有提到:

    All DSA signat

    blog.gslin.org/archives/2024/0

    #Computer #Murmuring #Network #Security #Software #cryptography #generation #key #nist #p521 #p521 #putty #puttygen #security #sha512

  12. Didn't realize that #archlinux moved from #SHA512 to #yescrypt for password hashing. Makes sense seeing that #Fedora has for awhile now.

  13. CW: #VerifiedNews #VerifiedReporters #W3C #WebBrowser #RFE #RTDNA #OpenSource

    I wonder when the #NewsBusiness is going to get their #reporters to cryptographicly sign their #NewsStories with a built in #SHA512 module in all major #webbrowsers #W3C #IEEE #RFE #disinformation campaign fights #opensourcesoftware & extend this to #RSS readers also? 💯🤔

    ¹ Perhaps this #SHA512 generates a hash of 'the web page and the images / videos used' so that the whole thing can be 'verified by the #NewsOrganization & #TheReporter' as a cross signed #VerifiedNewsStory so one could, as a reader, know iF this has been modified via #MITM or not, showing the story as a #TrustedNewsStory?

    ² Perhaps simple, well established iconography, such as the lock 🔓🔒🗝️, color coded red or grey or green, could be used to show this like it does already for HTTPS?

    ³ Perhaps there is a #GPGP module that could be adapted for this purposes since there is a GPGP.js, init? #UIUX thots

    #EndToEndNewsBlockchain 🔗🔒💯

    #LoT (A per news organization #LedgerOfThings utilizing current #Blockchain technologies but on a per #NewsOrganizationLevelBlockchain that could interoperate with a master #NewsLoT for verification purposes that is country specific as well as regional specific as well as world level news #LoT specific for verification purposes 📰🗞️💯

    ⁶ Multi-Level checks could be utilized as this specification(s) rolls out so as to be an 🧅 layer verification system that iF even one thing fails, #SHA512, #LoTNewsOrgSpecific, #LoTNewsReporter, #LotNewsRegional, #LoTNewsNational, #LoTNewsWorld, #GPGPNewsOrg, #GPGNewsReporterSpecific, etc, there is a way to debug this #TamperProof #VerifiedNewsReportingArchitecture

    ⁷ "What would Phil Zimmerman.do?" 💯🤔

    #RTDNA #VerifiedNewsRSS #VerifiedNewsroom #VerifiedReporters specifications #RFE #news

    @evacide @eff
    @moznews
    @developers
    @rsa

  14. CW: #VerifiedNews #VerifiedReporters #W3C #WebBrowser #RFE #RTDNA #OpenSource

    I wonder when the #NewsBusiness is going to get their #reporters to cryptographicly sign their #NewsStories with a built in #SHA512 module in all major #webbrowsers #W3C #IEEE #RFE #disinformation campaign fights #opensourcesoftware & extend this to #RSS readers also? 💯🤔

    ¹ Perhaps this #SHA512 generates a hash of 'the web page and the images / videos used' so that the whole thing can be 'verified by the #NewsOrganization & #TheReporter' as a cross signed #VerifiedNewsStory so one could, as a reader, know iF this has been modified via #MITM or not, showing the story as a #TrustedNewsStory?

    ² Perhaps simple, well established iconography, such as the lock 🔓🔒🗝️, color coded red or grey or green, could be used to show this like it does already for HTTPS?

    ³ Perhaps there is a #GPGP module that could be adapted for this purposes since there is a GPGP.js, init? #UIUX thots

    #EndToEndNewsBlockchain 🔗🔒💯

    #LoT (A per news organization #LedgerOfThings utilizing current #Blockchain technologies but on a per #NewsOrganizationLevelBlockchain that could interoperate with a master #NewsLoT for verification purposes that is country specific as well as regional specific as well as world level news #LoT specific for verification purposes 📰🗞️💯

    ⁶ Multi-Level checks could be utilized as this specification(s) rolls out so as to be an 🧅 layer verification system that iF even one thing fails, #SHA512, #LoTNewsOrgSpecific, #LoTNewsReporter, #LotNewsRegional, #LoTNewsNational, #LoTNewsWorld, #GPGPNewsOrg, #GPGNewsReporterSpecific, etc, there is a way to debug this #TamperProof #VerifiedNewsReportingArchitecture

    ⁷ "What would Phil Zimmerman.do?" 💯🤔

    #RTDNA #VerifiedNewsRSS #VerifiedNewsroom #VerifiedReporters specifications #RFE #news

    @evacide @eff
    @moznews
    @developers
    @rsa

  15. CW: #VerifiedNews #VerifiedReporters #W3C #WebBrowser #RFE #RTDNA #OpenSource

    I wonder when the #NewsBusiness is going to get their #reporters to cryptographicly sign their #NewsStories with a built in #SHA512 module in all major #webbrowsers #W3C #IEEE #RFE #disinformation campaign fights #opensourcesoftware & extend this to #RSS readers also? 💯🤔

    ¹ Perhaps this #SHA512 generates a hash of 'the web page and the images / videos used' so that the whole thing can be 'verified by the #NewsOrganization & #TheReporter' as a cross signed #VerifiedNewsStory so one could, as a reader, know iF this has been modified via #MITM or not, showing the story as a #TrustedNewsStory?

    ² Perhaps simple, well established iconography, such as the lock 🔓🔒🗝️, color coded red or grey or green, could be used to show this like it does already for HTTPS?

    ³ Perhaps there is a #GPGP module that could be adapted for this purposes since there is a GPGP.js, init? #UIUX thots

    #EndToEndNewsBlockchain 🔗🔒💯

    #LoT (A per news organization #LedgerOfThings utilizing current #Blockchain technologies but on a per #NewsOrganizationLevelBlockchain that could interoperate with a master #NewsLoT for verification purposes that is country specific as well as regional specific as well as world level news #LoT specific for verification purposes 📰🗞️💯

    ⁶ Multi-Level checks could be utilized as this specification(s) rolls out so as to be an 🧅 layer verification system that iF even one thing fails, #SHA512, #LoTNewsOrgSpecific, #LoTNewsReporter, #LotNewsRegional, #LoTNewsNational, #LoTNewsWorld, #GPGPNewsOrg, #GPGNewsReporterSpecific, etc, there is a way to debug this #TamperProof #VerifiedNewsReportingArchitecture

    ⁷ "What would Phil Zimmerman.do?" 💯🤔

    #RTDNA #VerifiedNewsRSS #VerifiedNewsroom #VerifiedReporters specifications #RFE #news

    @evacide @eff
    @moznews
    @developers
    @rsa

  16. CW: #VerifiedNews #VerifiedReporters #W3C #WebBrowser #RFE #RTDNA #OpenSource

    I wonder when the #NewsBusiness is going to get their #reporters to cryptographicly sign their #NewsStories with a built in #SHA512 module in all major #webbrowsers #W3C #IEEE #RFE #disinformation campaign fights #opensourcesoftware & extend this to #RSS readers also? 💯🤔

    ¹ Perhaps this #SHA512 generates a hash of 'the web page and the images / videos used' so that the whole thing can be 'verified by the #NewsOrganization & #TheReporter' as a cross signed #VerifiedNewsStory so one could, as a reader, know iF this has been modified via #MITM or not, showing the story as a #TrustedNewsStory?

    ² Perhaps simple, well established iconography, such as the lock 🔓🔒🗝️, color coded red or grey or green, could be used to show this like it does already for HTTPS?

    ³ Perhaps there is a #GPGP module that could be adapted for this purposes since there is a GPGP.js, init? #UIUX thots

    #EndToEndNewsBlockchain 🔗🔒💯

    #LoT (A per news organization #LedgerOfThings utilizing current #Blockchain technologies but on a per #NewsOrganizationLevelBlockchain that could interoperate with a master #NewsLoT for verification purposes that is country specific as well as regional specific as well as world level news #LoT specific for verification purposes 📰🗞️💯

    ⁶ Multi-Level checks could be utilized as this specification(s) rolls out so as to be an 🧅 layer verification system that iF even one thing fails, #SHA512, #LoTNewsOrgSpecific, #LoTNewsReporter, #LotNewsRegional, #LoTNewsNational, #LoTNewsWorld, #GPGPNewsOrg, #GPGNewsReporterSpecific, etc, there is a way to debug this #TamperProof #VerifiedNewsReportingArchitecture

    ⁷ "What would Phil Zimmerman.do?" 💯🤔

    #RTDNA #VerifiedNewsRSS #VerifiedNewsroom #VerifiedReporters specifications #RFE #news

    @evacide @eff
    @moznews
    @developers
    @rsa

  17. CW: #VerifiedNews #VerifiedReporters #W3C #WebBrowser #RFE #RTDNA #OpenSource

    I wonder when the #NewsBusiness is going to get their #reporters to cryptographicly sign their #NewsStories with a built in #SHA512 module in all major #webbrowsers #W3C #IEEE #RFE #disinformation campaign fights #opensourcesoftware & extend this to #RSS readers also? 💯🤔

    ¹ Perhaps this #SHA512 generates a hash of 'the web page and the images / videos used' so that the whole thing can be 'verified by the #NewsOrganization & #TheReporter' as a cross signed #VerifiedNewsStory so one could, as a reader, know iF this has been modified via #MITM or not, showing the story as a #TrustedNewsStory?

    ² Perhaps simple, well established iconography, such as the lock 🔓🔒🗝️, color coded red or grey or green, could be used to show this like it does already for HTTPS?

    ³ Perhaps there is a #GPGP module that could be adapted for this purposes since there is a GPGP.js, init? #UIUX thots

    #EndToEndNewsBlockchain 🔗🔒💯

    #LoT (A per news organization #LedgerOfThings utilizing current #Blockchain technologies but on a per #NewsOrganizationLevelBlockchain that could interoperate with a master #NewsLoT for verification purposes that is country specific as well as regional specific as well as world level news #LoT specific for verification purposes 📰🗞️💯

    ⁶ Multi-Level checks could be utilized as this specification(s) rolls out so as to be an 🧅 layer verification system that iF even one thing fails, #SHA512, #LoTNewsOrgSpecific, #LoTNewsReporter, #LotNewsRegional, #LoTNewsNational, #LoTNewsWorld, #GPGPNewsOrg, #GPGNewsReporterSpecific, etc, there is a way to debug this #TamperProof #VerifiedNewsReportingArchitecture

    ⁷ "What would Phil Zimmerman.do?" 💯🤔

    #RTDNA #VerifiedNewsRSS #VerifiedNewsroom #VerifiedReporters specifications #RFE #news

    @evacide @eff
    @moznews
    @developers
    @rsa

  18. #openbsd #signify #sha512 #video #shell #example
    forth.noip.me:8443/w/tbHRyGBnk
    I'm an addict! Aside from putting absolute paths in my manifest, did I do ok [openbsd sysadmin friends] ? @solene @claudiom at lots-of-people-I-missed

    @ldbeth @mhcat @trurl @svetlyak40wt @galdor how does everyone sign their [lisp] projects? What's your flow?

    I'm now a video addict

  19. #gopher phost on #signify and #sha512 #openbsd #shell #crypto to go with my (first) coding #video
    forth.noip.me:8443/w/6yEGHyk1Z

    (Check gopher.club/1/users/screwtape )
    I didn't disseminate my signify public key yet, tomorrow, tomorrow..

  20. I like the idea of Wikipedia's #CommittedIdentity (see: https://meta.wikimedia.org/wiki/Template:User_committed_identity ).

    You can prove you are who you claim you are by revealing to the trusted third-party the text you #sha512 hashed. This allows them to hash it themselves and compare if it matches the hash you provided.

    I think this can also be implemented in other services as a last resort. Here's a scenario:

    1. Your account was compromised

    2. The unauthorised user changed your password and account details. Probably also invalidated your #TwoFactorAuthentication (they gained access because you saved your #2FA, and it was compromised).

    3. In the gaming industry, we can help you by asking old information only you can know. Outside the gaming industry, it is not an option, for example, small services like #Fediverse instances.

    4. However, the said service allows one to enter a “Committed Identity” hash. This information, once entered, can never be changed, and it is hidden (only viewable by the admins). Because of this, the unauthorised user can never change it (unless it's an inside job).

    5. You, the original owner, can proceed with verification. The said service will be able to verify your ownership, add your email back, and send you a password reset link.

    6. The service will then invalidate the committed identity hash, however, it will remain on record, still hidden.

    7. After recovering your account, you have to set a new committed identity hash.

    8. You have to remember your previous hash, as the service can ask what was your old hash, as another form of verification. (Which only you should ever have knowledge of.)

    Q: What if I want to update my committed identity hash?
    A: You will have to contact the service customer support because it is only them who can invalidate it.

    The first step they will do is ask you for your secret, or the text you hashed with sha512. If it matches, then they can invalidate it and let you set a new one.

    Q: How can I create a hash?
    A: WikiMedia / Wikipedia is using this online tool: https://ftools.toolforge.org/general/text2hash.html if you are not a techie.

    ---

    At least that's the basic idea.

    Found the “Committed identity” via @boud 's Wikipedia profile.

    #Security #Verification #Identiy
  21. I like the idea of Wikipedia's #CommittedIdentity (see: https://meta.wikimedia.org/wiki/Template:User_committed_identity ).

    You can prove you are who you claim you are by revealing to the trusted third-party the text you #sha512 hashed. This allows them to hash it themselves and compare if it matches the hash you provided.

    I think this can also be implemented in other services as a last resort. Here's a scenario:

    1. Your account was compromised

    2. The unauthorised user changed your password and account details. Probably also invalidated your #TwoFactorAuthentication (they gained access because you saved your #2FA, and it was compromised).

    3. In the gaming industry, we can help you by asking old information only you can know. Outside the gaming industry, it is not an option, for example, small services like #Fediverse instances.

    4. However, the said service allows one to enter a “Committed Identity” hash. This information, once entered, can never be changed, and it is hidden (only viewable by the admins). Because of this, the unauthorised user can never change it (unless it's an inside job).

    5. You, the original owner, can proceed with verification. The said service will be able to verify your ownership, add your email back, and send you a password reset link.

    6. The service will then invalidate the committed identity hash, however, it will remain on record, still hidden.

    7. After recovering your account, you have to set a new committed identity hash.

    8. You have to remember your previous hash, as the service can ask what was your old hash, as another form of verification. (Which only you should ever have knowledge of.)

    Q: What if I want to update my committed identity hash?
    A: You will have to contact the service customer support because it is only them who can invalidate it.

    The first step they will do is ask you for your secret, or the text you hashed with sha512. If it matches, then they can invalidate it and let you set a new one.

    Q: How can I create a hash?
    A: WikiMedia / Wikipedia is using this online tool: https://ftools.toolforge.org/general/text2hash.html if you are not a techie.

    ---

    At least that's the basic idea.

    Found the “Committed identity” via @boud 's Wikipedia profile.

    #Security #Verification #Identiy
  22. I like the idea of Wikipedia's #CommittedIdentity (see: https://meta.wikimedia.org/wiki/Template:User_committed_identity ).

    You can prove you are who you claim you are by revealing to the trusted third-party the text you #sha512 hashed. This allows them to hash it themselves and compare if it matches the hash you provided.

    I think this can also be implemented in other services as a last resort. Here's a scenario:

    1. Your account was compromised

    2. The unauthorised user changed your password and account details. Probably also invalidated your #TwoFactorAuthentication (they gained access because you saved your #2FA, and it was compromised).

    3. In the gaming industry, we can help you by asking old information only you can know. Outside the gaming industry, it is not an option, for example, small services like #Fediverse instances.

    4. However, the said service allows one to enter a “Committed Identity” hash. This information, once entered, can never be changed, and it is hidden (only viewable by the admins). Because of this, the unauthorised user can never change it (unless it's an inside job).

    5. You, the original owner, can proceed with verification. The said service will be able to verify your ownership, add your email back, and send you a password reset link.

    6. The service will then invalidate the committed identity hash, however, it will remain on record, still hidden.

    7. After recovering your account, you have to set a new committed identity hash.

    8. You have to remember your previous hash, as the service can ask what was your old hash, as another form of verification. (Which only you should ever have knowledge of.)

    Q: What if I want to update my committed identity hash?
    A: You will have to contact the service customer support because it is only them who can invalidate it.

    The first step they will do is ask you for your secret, or the text you hashed with sha512. If it matches, then they can invalidate it and let you set a new one.

    Q: How can I create a hash?
    A: WikiMedia / Wikipedia is using this online tool: https://ftools.toolforge.org/general/text2hash.html if you are not a techie.

    ---

    At least that's the basic idea.

    Found the “Committed identity” via @boud 's Wikipedia profile.

    #Security #Verification #Identiy
  23. I like the idea of Wikipedia's #CommittedIdentity (see: https://meta.wikimedia.org/wiki/Template:User_committed_identity ).

    You can prove you are who you claim you are by revealing to the trusted third-party the text you #sha512 hashed. This allows them to hash it themselves and compare if it matches the hash you provided.

    I think this can also be implemented in other services as a last resort. Here's a scenario:

    1. Your account was compromised

    2. The unauthorised user changed your password and account details. Probably also invalidated your #TwoFactorAuthentication (they gained access because you saved your #2FA, and it was compromised).

    3. In the gaming industry, we can help you by asking old information only you can know. Outside the gaming industry, it is not an option, for example, small services like #Fediverse instances.

    4. However, the said service allows one to enter a “Committed Identity” hash. This information, once entered, can never be changed, and it is hidden (only viewable by the admins). Because of this, the unauthorised user can never change it (unless it's an inside job).

    5. You, the original owner, can proceed with verification. The said service will be able to verify your ownership, add your email back, and send you a password reset link.

    6. The service will then invalidate the committed identity hash, however, it will remain on record, still hidden.

    7. After recovering your account, you have to set a new committed identity hash.

    8. You have to remember your previous hash, as the service can ask what was your old hash, as another form of verification. (Which only you should ever have knowledge of.)

    Q: What if I want to update my committed identity hash?
    A: You will have to contact the service customer support because it is only them who can invalidate it.

    The first step they will do is ask you for your secret, or the text you hashed with sha512. If it matches, then they can invalidate it and let you set a new one.

    Q: How can I create a hash?
    A: WikiMedia / Wikipedia is using this online tool: https://ftools.toolforge.org/general/text2hash.html if you are not a techie.

    ---

    At least that's the basic idea.

    Found the “Committed identity” via @boud 's Wikipedia profile.

    #Security #Verification #Identiy
  24. I like the idea of Wikipedia's #CommittedIdentity (see: https://meta.wikimedia.org/wiki/Template:User_committed_identity ).

    You can prove you are who you claim you are by revealing to the trusted third-party the text you #sha512 hashed. This allows them to hash it themselves and compare if it matches the hash you provided.

    I think this can also be implemented in other services as a last resort. Here's a scenario:

    1. Your account was compromised

    2. The unauthorised user changed your password and account details. Probably also invalidated your #TwoFactorAuthentication (they gained access because you saved your #2FA, and it was compromised).

    3. In the gaming industry, we can help you by asking old information only you can know. Outside the gaming industry, it is not an option, for example, small services like #Fediverse instances.

    4. However, the said service allows one to enter a “Committed Identity” hash. This information, once entered, can never be changed, and it is hidden (only viewable by the admins). Because of this, the unauthorised user can never change it (unless it's an inside job).

    5. You, the original owner, can proceed with verification. The said service will be able to verify your ownership, add your email back, and send you a password reset link.

    6. The service will then invalidate the committed identity hash, however, it will remain on record, still hidden.

    7. After recovering your account, you have to set a new committed identity hash.

    8. You have to remember your previous hash, as the service can ask what was your old hash, as another form of verification. (Which only you should ever have knowledge of.)

    Q: What if I want to update my committed identity hash?
    A: You will have to contact the service customer support because it is only them who can invalidate it.

    The first step they will do is ask you for your secret, or the text you hashed with sha512. If it matches, then they can invalidate it and let you set a new one.

    Q: How can I create a hash?
    A: WikiMedia / Wikipedia is using this online tool: https://ftools.toolforge.org/general/text2hash.html if you are not a techie.

    ---

    At least that's the basic idea.

    Found the “Committed identity” via @boud 's Wikipedia profile.

    #Security #Verification #Identiy