Quick Reference Guide to Identifying Common Cryptographic Hash Formats

·1 views

Cryptographic hashes and encodings each carry distinct structural signatures that security professionals can use to identify them without decryption. Bcrypt hashes, for example, are exactly 60 characters long, begin with a versioned prefix such as $2a$ or $2y$, and embed both a cost factor and a 22-character salt directly in the string. Standard fast hashes like MD5, SHA-1, and SHA-256 are identified purely by their hexadecimal character set and fixed lengths of 32, 40, and 64 characters respectively. Slower, salted formats such as SHA-512 Crypt and Argon2 include explicit prefix markers like $6$ or $argon2id$ and store algorithm parameters within the hash string itself. A key distinction for security practitioners is that encoded data such as Base64 or ROT13 is reversible, whereas cryptographic hashes are one-way functions designed to resist brute-force attacks through techniques like key stretching.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Developer Builds Searchable HTTP Status Reference With Spring Boot Code Snippets

A developer has published a single-file, dependency-free web tool called HTTP Status Explorer that pairs every HTTP status code with the idiomatic Spring Boot snippet for returning it. The tool lets users search by code, name, or meaning, and filter by class, addressing a common mid-development question about which Spring mechanism to use. It also clarifies frequently confused code pairs such as 401 vs 403, 400 vs 422, and 301/302 vs 307/308 with practical guidance. Each entry explains when to use ResponseEntity, @ResponseStatus, ResponseStatusException, or framework-handled defaults. The project is available as a live demo on GitHub Pages and its source code is publicly hosted on GitHub.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

ContextStream Aims to Give AI Dev Assistants Persistent Project Memory

A new AI development tool called ContextStream is designed to address a common frustration among software developers: having to re-explain their project context at the start of every AI session. Most current AI coding assistants lack persistent memory, requiring developers to repeatedly provide background on their decisions and codebase. ContextStream seeks to change this by retaining a continuous understanding of a project's history, past decisions, and lessons learned across sessions. The tool's developers claim this approach leads to faster decision-making, fewer repeated questions, and reduced time spent onboarding the assistant. The platform positions itself not merely as a utility but as a long-term collaborative teammate that grows alongside a project.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

HTB Sorcery CTF: Rust Macro Flaw Enables Neo4j Cypher Injection Chain

A Hack The Box challenge called Sorcery demonstrates a multi-stage attack chain exploiting three CVEs across a Rust web app, Neo4j graph database, and Gitea instance. The first vulnerability involves a JWT authentication bypass where the server mistakenly uses its own public RSA key as an HMAC secret, allowing attackers to forge admin session tokens using publicly available key data. A second flaw in the code-search endpoint directly concatenates user input into Cypher queries, enabling injection attacks that can leak password hashes or trigger outbound network calls via Neo4j's APOC procedures. The third and most notable bug originates in a custom Rust derive macro that auto-generates Cypher query fragments from struct fields, where a subtle typo in the macro's AST traversal introduces an unsanitized field identifier into database queries. Together, the chain illustrates how a low-severity macro authoring mistake can escalate into full database compromise without ever directly accessing the Neo4j port.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

ContextStream Aims to Give AI Coding Assistants Persistent Project Memory

A tool called ContextStream is being developed to address the loss of project context between AI-assisted coding sessions. Developers frequently lose time re-explaining decisions, correcting repeated suggestions, and hunting for notes that should be readily accessible. ContextStream stores project decisions, documentation, lessons, and plans, allowing AI assistants to resume work with full context rather than starting from scratch. The tool is designed to surface relevant context at the right moment during debugging, planning, or reviewing, rather than simply acting as passive storage. Its core goal is to reduce repeated work and improve continuity across coding sessions for individual developers and teams.

0 comments Read more at DEV Community