Hi, I was planning to encrypt my files with GPG for safety before uploading them to the cloud. However, from what I understand GPG doesn’t pad files/do much to prevent file fingerprinting. I was looking around for a way to reliably pad files and encrypt metadata for them but couldn’t find anything. Haven’t found any...
I use Aegis as my 2fa. Today on new token creation I observed that there’s hash function set to SHA-1, later checked all my tokens and the result is same type of encryption used for all. So I have edited all my tokens to SHA-256 as a result my totp doesn’t authenticate. Do I have to rescan my tokens for updating to SHA-256...
First of all, let’s recap how TOTP works: your authenticator app stores “TOTP password” in an accessible way (some apps store it plaintext, Aegis stores them in an encrypted DB. They can also be stored on Yubikey.). To generate one time code, the app takes the password, concatenates it with current time rounded to 30 seconds and compute a hash from this string.
The resulting hash is used to create a 6 digit code, that you’ll enter on login.
To check the code, server repeats the same procedure and compare your result with the just generated one.
As you can see, for this system to work you and the server must use the same hash function.
Conclusion: 1)Hash function in TOTP has nothing to do with password storage, it is used only for TOTP-code generation. 2) Cryptographic security of the hash function is not much a concern here: TOTP code expose an extremely low amount of information about TOTP password, so to reliably recover the password from TOTP-codes you’ll have to intercept millions of them.
I use Proton. But I continue to run into more and more websites and services that detect my VPN and refuse my connection, or just run literally 40 captchas in a row until I just give up....
How to randomly pad files before encryption to prevent file fingerprinting?
Hi, I was planning to encrypt my files with GPG for safety before uploading them to the cloud. However, from what I understand GPG doesn’t pad files/do much to prevent file fingerprinting. I was looking around for a way to reliably pad files and encrypt metadata for them but couldn’t find anything. Haven’t found any...
Why every TOTP app default uses SHA-1 hash encryption?
I use Aegis as my 2fa. Today on new token creation I observed that there’s hash function set to SHA-1, later checked all my tokens and the result is same type of encryption used for all. So I have edited all my tokens to SHA-256 as a result my totp doesn’t authenticate. Do I have to rescan my tokens for updating to SHA-256...
What VPN are you using?
I use Proton. But I continue to run into more and more websites and services that detect my VPN and refuse my connection, or just run literally 40 captchas in a row until I just give up....
Installing Nix behind MITM-proxy (totikom.github.io)