Experimental News Clipping Site

Tag: hashing

  • Simon Willison’s Weblog: How some of the world’s most brilliant computer scientists got password policies so wrong

    by

    system automation
    in

    Source URL: https://simonwillison.net/2024/Nov/21/password-policies/#atom-everything Source: Simon Willison’s Weblog Title: How some of the world’s most brilliant computer scientists got password policies so wrong Feedly Summary: How some of the world’s most brilliant computer scientists got password policies so wrong Stuart Schechter blames Robert Morris and Ken Thompson for the dire state of passwords today: The story…

  • Schneier on Security: Good Essay on the History of Bad Password Policies

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/11/good-essay-on-the-history-of-bad-password-policies.html Source: Schneier on Security Title: Good Essay on the History of Bad Password Policies Feedly Summary: Stuart Schechter makes some good points on the history of bad password policies: Morris and Thompson’s work brought much-needed data to highlight a problem that lots of people suspected was bad, but that had not been…

  • Hacker News: HashML-DSA Considered Harmful

    by

    system automation
    in

    Source URL: https://keymaterial.net/2024/11/05/hashml-dsa-considered-harmful/ Source: Hacker News Title: HashML-DSA Considered Harmful Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the complexities surrounding prehashing in digital signature schemes, particularly in the context of recent NIST standards. It offers insights on how to effectively manage private key exposure while facilitating remote signing processes, highlighting…

  • Slashdot: DataBreach.com Emerges As Alternative To HaveIBeenPwned

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/11/07/0620237/databreachcom-emerges-as-alternative-to-haveibeenpwned?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: DataBreach.com Emerges As Alternative To HaveIBeenPwned Feedly Summary: AI Summary and Description: Yes Summary: DataBreach.com, a new service from Atlas Privacy, enables users to check if their personal information has been leaked, offering a more extensive search than Have I Been Pwned. It emphasizes privacy by performing checks locally…

  • The Register: Why the long name? Okta discloses auth bypass bug affecting 52-character usernames

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/04/why_the_long_name_okta/ Source: The Register Title: Why the long name? Okta discloses auth bypass bug affecting 52-character usernames Feedly Summary: Mondays are for checking months of logs, apparently, if MFA’s not enabled In potentially bad news for those with long names and/or employers with verbose domain names, Okta spotted a security hole that could…

  • Hacker News: Breaking CityHash64, MurmurHash2/3, wyhash, and more

    by

    system automation
    in

    Source URL: https://orlp.net/blog/breaking-hash-functions/ Source: Hacker News Title: Breaking CityHash64, MurmurHash2/3, wyhash, and more Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text provides an extensive analysis of the security implications of various hash functions, focusing on their vulnerability to attacks. It discusses the mathematical foundations of hash functions, their roles in computer security,…

  • Hacker News: The performance of hashing for similar function detection

    by

    system automation
    in

    Source URL: https://edmcman.github.io/blog/2024-01-11–fuzzy-hashing-for-code-comparisons/ Source: Hacker News Title: The performance of hashing for similar function detection Feedly Summary: Comments AI Summary and Description: Yes Summary: The text delves deeply into malware reverse engineering and explores advanced hashing techniques like PIC hashing and fuzzy hashing. It highlights the significant challenges faced in identifying equivalent functions across different…

  • Hacker News: Okta – Username Above 52 Characters Security Advisory

    by

    system automation
    in

    Source URL: https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/ Source: Hacker News Title: Okta – Username Above 52 Characters Security Advisory Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a security vulnerability identified in Okta’s authentication process involving the DelAuth mechanism and the Bcrypt hashing algorithm. The significance lies in its implications for user authentication security and…

  • Cloud Blog: How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/time-to-exploit-trends-2023/ Source: Cloud Blog Title: How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends Feedly Summary: Written by: Casey Charrier, Robert Weiner Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild. Consistent with past analyses, the majority (97) of these vulnerabilities were…

  • Hacker News: Meta pays the price for storing passwords in plaintext

    by

    system automation
    in

    Source URL: https://arstechnica.com/security/2024/09/meta-slapped-with-101-million-fine-for-storing-passwords-in-plaintext/ Source: Hacker News Title: Meta pays the price for storing passwords in plaintext Feedly Summary: Comments AI Summary and Description: Yes Short Summary with Insight: This text highlights a significant compliance and security failure by Meta, focusing on the improper handling of user passwords stored in plaintext. The incident underscores the importance…