A security researcher demonstrated that an AES‑256 encrypted ZIP archive can be opened with two completely different passwords because ZIP implementations hash passwords longer than 64 bytes using PBKDF2, turning the long password into its SHA‑1 hash which matches the short password.
An experiment by a security researcher shows that AES‑256 encrypted ZIP files can be opened with two completely different passwords because passwords longer than 64 bytes are hashed with PBKDF2, turning the hash into the actual key used for encryption and decryption.
This article explains the PHP hash_pbkdf2() function, detailing its parameters, return values, and usage with a complete example that demonstrates how to derive a PBKDF2 key using a chosen hash algorithm, password, salt, iteration count, and output format.
This article explains how passwords should be encrypted during transmission using symmetric and asymmetric methods such as RSA, why HTTPS is essential, how services like GitHub and Baidu handle login security, and best practices for securely storing passwords with hashing, salting, and strong algorithms like BCrypt and PBKDF2.
This article examines common password‑storage techniques, explains why plain‑text, symmetric encryption, and simple hashes are insecure, and demonstrates how modern algorithms like PBKDF2, bcrypt, and scrypt, together with proper salting and iteration, can effectively protect user credentials against large‑scale cracking attacks.
This article explains the purpose of key‑derivation functions, compares fast and slow hash algorithms, and explores how moving password stretching to the browser can increase attack costs while balancing usability, with practical code examples and deployment considerations.
This article explains common user password storage methods, compares their security characteristics, and details various cracking approaches—including hash collisions, rainbow tables, and advanced algorithms like PBKDF2, bcrypt, and scrypt—while emphasizing the importance of strong encryption to mitigate data breach risks.
This article explains why simple password hashing is insufficient, describes common attacks such as dictionary, brute‑force, lookup‑table and rainbow‑table attacks, and provides best‑practice guidance—including random salts, CSPRNGs, key‑stretching algorithms like PBKDF2, bcrypt and scrypt—and complete PHP reference implementations.
The article presents complete, licensed implementations of salted PBKDF2‑SHA1 password hashing for both ASP.NET (C#) and Ruby on Rails, detailing the source code, usage methods, and verification procedures to securely store and validate passwords.
This article examines common pitfalls in password storage—from storing plaintext or reversible encryption to basic hashing, salted hashing, and advanced key‑derivation functions—explaining why each approach can be vulnerable and recommending robust methods like PBKDF2, bcrypt, and scrypt.
