Calculating magic hashes for https://www.whitehatsec.com/blog/magic-hashes/. These strings should probably be put into a blacklist preventing users from using them as passwords to mitigate PHP evaluating hashes starting with "0e" as floats.
| A = [0, 0, 0, 0, 1, 0, 0, 2, 0, 2, 1, 1, 1, 2, 0, 0, 2, 0, 1, 0, 1, 2, 1, 1, 0, 1, 2, 0, 3, 0, 2, 3, 0, 1, 1, 0, 1, 0, 1, 2, 1, 1, 0, 1, 0, 1, 0, 1, 2, 3, 1, 1, 1, 1, 0, 1, 0, 2, 1, 0, 0, 0, 1, 1] | |
| min-entropy: H = -log2(p_max) | |
| Shannon: H = -sum(p_i * log2(p_i)) | |
| max-entropy: H = -log2(unique(p_i)) | |
| min-entropy ~= 4.196397212803504 | |
| Shannon ~= 5.158365849770286 | |
| max-entropy = 2 |
| Filesystem | Type | Default Cipher | Block Mode | Authentication | Encryption Mode | Password Hash | RNG | Audit |
|---|---|---|---|---|---|---|---|---|
| CryFS | Stacked FS | AES-256 | ? | GCM | AEAD | scrypt | ? | ? |
| Cryptomator | Stacked FS | AES-256 | ? | HMAC-SHA256 | Encrypt-then-MAC | scrypt | Userspace | ? |
| dm-crypt | Block Device | AES-256 | ESSIV | None | N/A | RIPEMD160 | Kernelspace | ? |
| eCryptfs | Stacked FS | ? | ? | ? | ? | ? | ? | ? |
| EncFS | Stacked FS | ? | ? | ? | ? | ? | ? | ? |
| ext4 | Block Device | ? | ? | ? | ? |
| debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none | |
| debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none | |
| --- | |
| debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none | |
| debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none | |
| --- | |
| debug1: kex: server->client cipher: aes192-ctr MAC: umac-64-etm@openssh.com compression: none | |
| debug1: kex: client->server cipher: aes192-ctr MAC: umac-64-etm@openssh.com compression: none | |
| --- | |
| debug1: kex: server->client cipher: aes256-ctr MAC: umac-64-etm@openssh.com compression: none |
| Show the differences betwen various base-32 encoding schemes. Alphanumeric order used to show what's missing in each. | |
| RFC 2938: 0123456789ABCDEFGHIJKLMNOPQRSTUV : Preserves hex bitwise sort order | |
| RFC 4648: 234567 ABCDEFGHIJKLMNOPQRSTUVWXYZ: 8/B, 9/g, 0/O, and 1/I ambiguity | |
| Crockford: 0123456789ABCDEFGH JK MN PQRST VWXYZ: 0/O and 1/I/L ambiguity | |
| Geohash: 0123456789 BCDEFGH JK MN PQRSTUVWYYZ: 0/O and 1/I/L ambiguity. No "A" | |
| z-base-32: 1 3456789ABCDEFGHIJK MNOPQRSTU WXYZ: human ease-of-use |
| <html> | |
| <head> | |
| <meta http-equiv='Content-Type' content='text/html; charset=utf-8' /> | |
| <title>JavaScript Entropy Proof-of-Concept</title> | |
| <script language='javascript'> | |
| niceware=['a','aah','aardvark','aardwolf','academia','academic','academical','academician','academicianship','academicism','academy','acadia','acapulco','ace','aced','acerb','acerbate','acerber','acerbest','acerbic','acerbity','acerola','acerose','acetate','acetic','acetified','acetify','acetifying','acetone','acetonic','ache','ached','achene','achenial','achier','achiest','achievable','achieve','achieved','achievement','achiever','achieving','aching','achoo','achordate','achromat','achromatic','achromatism','achy','acid','acidhead','acidic','acidifiable','acidification','acidified','acidifier','acidify','acidifying','acidity','acidly','acidotic','acidulate','acidulation','acidulously','acidy','acing','acknowledge','acknowledgeable','acknowledgement','acknowledger','acknowledging','acknowledgment','aclu','a |
Below are examples for best practices that have been set aside specifically for writing documentation, fictional stories, source code, or anything else where an example needs to be given without the fear of resolving to an actual phone number, domain, website, etc.
In 1999, the "example.com" domains have been set aside by the IETF in RFC 2606 specifically for documentation and source code. They include example.com, example.net, and example.org. The example.edu domain was added by ICANN in 2000. Later, the ".example" top-level domain name has since been added explicitly for documentation purposes.
While the pseudo-top-level domain ".local" carries no meaning, it is commonly deployed in multicast DNS, local DNS, and private networks. While it too could be used for documentation, it's better left alone, and to use the "example.com" and ".example" domains.
If you wanted to document getting a specific resource via a REST API
If there are any problems with the word lists, please reach out to me on Twitter [@AaronToponce][0].
The [initial EFF word lists][1] have several problems:
Just using the shell, either with built-in tools, or 3rd party generators, for building passwords with at least 70-bits of entropy (1 in at least 1,180,591,620,717,411,303,424 possibilities).
Each provide their own advantages and disadvantages.
All possible 94 graphical characters (not the <Space> or <Tab>) are
Here are my findings of entropy extraction estimates from mouse movement events in the browser. Tables below show the results sorted by the minimum entropy extraction. Timing events, keyboard events, and other potential sources of entropy that can be collected from the user are not considered here.
A [visual representation][1] of slow, medium, and fast mouse movements can help visualize why the entropy estimation increases as the mouse velocity increases. The recorded data was plotted with Gnuplot as follows:
