u/stupiddogmademelook

Utility of hash functions and what are they used for

Had a funny talk with a coworker, so I figured I might share some... A lot of people online (coworker included...) think cryptographic hash functions are pure math wizardry, but the concept is actually simple.

Think of a hash function like a digital blender. You throw anything into the pile. It can be a single password, a photo, or a video file, and you hit blend. The blender always spits out a fixed-length string of random letters and numbers (aka the hash).

Here are the essential rules that make it work:
- You can blend it up, but you can't reverse-engineer it back into the ingredients. This is why websites store the hash of your password, not the actual password. If hackers steal the data, they just get useless scrambled codes.

- Minor changes will break it. If someone changes a single comma in a file, the hash changes completely. This is how one could check if a file has been tampered with.

Basically, hashes are just unique digital fingerprints keeping the internet secure, and since the hashes can persist, they can be re-used.

Does anyone know of any risks hash configurations have? Also, if someone has more to share about the utility of using a hash configuration in programming workflows, I'd love to hear of it. Right now I'm working on a discussion page foundation where a user could register an account within an encrypted database and they should log in using hashes. Struggling with some integrations, since the same account in the database needs to work for a browser game component on the site. Still don't fully have a working prototype at this time due to some errors with my hash structures. Taking a breather and hoping someone might give me more ideas to work from in the meantime.

reddit.com
u/stupiddogmademelook — 1 day ago

Zero-Day YellowKey Bypasses BitLocker on Windows 11

Many articles on the topic as is, though this guy's post on LinkedIn was straight on the technical side without the article fluff, which I feel is more important if you dabbled in BitLocker.

Some guy out of spite for Microsoft released BitLocker vulnerabilities over the web, and on GitHub of all places (owned by Microsoft, which is absurd). Normally, you would get paid for such a bug bounty, though I heard he had some sort of falling out with the arrangement, so he decided to go vengeance sicko mode instead. Funny how Microsoft essentially tried to shut down VeraCrypt only to get a bit of their own medicine. Irony. Gotta love seeing it.

Worth checking your BitLocker setup if you have been using it, as well as the hacker's GitHub, since he did give nice details of what was at fault even with all the spite he held.

From the guy's post I linked:
"What to action now:

  1. Enable BitLocker pre-boot PIN on laptop devices
  2. Set a BIOS password
  3. Disable USB boot
  4. Alert on unexpected WinRE entry events in Intune or your SIEM."
linkedin.com
u/stupiddogmademelook — 4 days ago

How VoidStealer bypasses Chrome’s protections to hijack sessions and steal data

Been reading into session stealers and found an interesting article.

Key takeaways:

  1. Don't store passwords in the browser, use a management tool;
  2. Update your OS (yes, they used to make devices slow in the past, yet modern updates are essential for device security);
  3. Fake drivers and "cracked" game downloads online hide such malware, so make sure the sources for downloads are legit.
kaspersky.com
u/stupiddogmademelook — 9 days ago