Originally published at: You Wouldn't Base64 a Password! on the Paragon Initiative Enterprises blog
There's a ton of bad programming and securit...
For further actions, you may consider blocking this person and/or reporting abuse
Is this really so?
I thought the two were essentially two sides of the same coin, and we just arbitrarily choose one to be the private key and hide it and publish the remaining one.
Nope! See also: 3v4l.org/ZJNVT
We have to go more public!
This looks great, thanks for sharing.
I feel like that one requires an asterisk, e.g. (* unless you happen to have a large table mapping original messages to hash values. Use salts to combat rainbow tables).
Is it still useless if the file is served over an insecure connection (like a HTTP mirror) and hash is accessed over an HTTPS connection?
Would you say
chocolatey
's hash verification is not a waste of time, since it stores the hashes in the repository, far from where a compromise of the application developer's site could reach?In case someone needs a online base64 decoder: codebeautify.net/base64/decode
I prefer rot26 encryption to base64 though.
Awesome. Thanks.
Thank you so much for this excellent and important article and its topic.
Bonus: You wouldn't tell your fianceé that you work for the CIA.
This tool may help to decode the base64 codebeautify.org/base64-decode
"[...]ret key can reverse; requires one key.[...]"
You have "key" highlighted instead of "one"
Thanks for a wonderful read, Scott 👌