If linux repeatedly hashes password 5000 times claimed here.Then it's not secure as claimed here.
Both the arch wiki and above article are in conflict.
Then how linux implements PBKDF2 or doesn't use pbkdf2 at all, and instead just repeatedly hashes 5000 times.
What does linux do under the hood. Repeatedly hashing is not secure or is it?THAT's my main query.
I am trying to generate a SHA512 hash password string with salt encoding in powershell..
I found below python one and checked working fine
python -c 'import crypt; print crypt.crypt("welcome@123", crypt.mksalt(crypt.METHOD_SHA512))'Is there anything similar in powershell...??
I want to know if there is a way to convert fast a whole list of string into a one unique sha512 hash string.
For now I use this method for get a unique sha512 hash, but this way become slower and slower when the list have more and more string.
string hashDataList = string.Empty;for (int i = 0; i < ListOfElement.Count; i++){ if (i < ListOfElement.Count) { hashDataList += ListOfElement[i]; }}hashDataList = MakeHash(HashDataList);Console.WriteLine("Hash: "+hashDataList);Edit:
Method for make the hash:
public static string MakeHash(string str) { using (var hash = SHA512.Create()) { var bytes = Encoding.UTF8.GetBytes(str); var hashedInputBytes = hash.ComputeHash(bytes); var hashedInputStringBuilder = new StringBuilder(128); foreach (var b in hashedInputBytes) hashedInputStringBuilder.Append(b.ToString("X2")); str = hashedInputStringBuilder.ToString(); hashedInputStringBuilder.Clear(); GC.SuppressFinalize(bytes); GC.SuppressFinalize(hashedInputBytes); GC.SuppressFinalize(hashedInputStringBuilder); return str; } }We have a database table which contains passwords hashed with SHA512. When a user logs into the system it compares their hashed entered password with a hashed password stored in a table. I am trying to create a user through a PL/SQL script and I need to replicate the same process as the system does to create the user when it does it through the front end.
I'm having trouble clarifying if the salt I am generating for the hash in Oracle is what is generated by the system in C#. Since when I try to login and debug the system code, the hashed password generated by the system is not matching what I created through my PL/SQL script.
Currently, the system generates the hash with:
public string GetSalt(int count) // count = 32{ byte [] salt = new byte[count]; using (var gen = new RNGCyptoServiceProvider()) // System.Security.Cryptography { gen.GetBytes(salt); } return Convert.ToBase64String(salt);}So we should get a cryptographically strong sequence of random values based on the docs for GetBytes().
What I am doing in Oracle is the following:
FUNCTION GetSalt RETURN SomePasswordTable.Salt%TYPE IS defaultSaltLength VARCHAR2(4); randomBytes RAW(1024);BEGIN BEGIN SELECT SaltLength INTO defaultSaltLength -- This will be '32' FROM SomeTable WHERE someValue = 1 AND someOtherValue = 'SALTLN'; EXCEPTION WHEN OTHERS THEN defaultSaltLength := '32'; END; randomBytes := DBMS_CRYPTO.RandomBytes(TO_NUMBER(defaultSaltLength)); RETURN utl_raw.cast_to_varchar2(utl_encode.base64_encode(randomBytes));END;My question is, am I doing the same in Oracle as the system is doing in C#?
Based on the Oracle DBMS_CRYPTO docs, RandomBytes() should also return me a cryptographically secure pseudo-random sequence of bytes.
Since both methods use the same hashing function. DBMS_CRYPTO.HASH_SH512 in Oracle and PBKDF2HashAlgorithm.SHA512 in C#, this is the only place I can think of where the hashing is going wrong on the Oracle side.
Is what I am doing correct? Why am I getting a different hash?
I want to encrypt some data with SHA-512 on Oracle 12.
For example, I would like to encrypt this string:
230049008251111 to this:
DA9AA3ACDE64DB3297FF75FDE407DAF3DB7EFF0CDF987C6C16BAF28242997046997EBF5A2F6C4F7449A4936C6518A6FD24A3C0984E9C09BF19395175F1BE2B5F
This is according to sha512 generator I'm using.What is the best way to do so on Oracle?
Thanks
Please note that by viewing our site you agree to our use of cookies (see خلوت for details). You will only see this message once.