I can understand that imposing a minimum length on passwords makes a lot of sense (to save users from themselves), but my bank has a requirement that passwords are between 6 and 8 characters long, and I started wondering...
Wouldn't this just make it easier for brute force attacks? (Bad)
Does this imply that my password is being stored...
Random Characters?
Passphrases?
High ASCII?
cat /dev/urandom | strings
...
I have a properties file in Java, in which I store all information of my app, like logo image filename, database name, database user and database password.
I can store the password encrypted on the properties file.
But, the key or passphrase can be read out of the jar using a decompiler.
Is there a way to store the db pass in a properties ...
From Wired magazine:
...the Palin hack didn't require any real skill. Instead, the hacker simply reset Palin's password using her birthdate, ZIP code and information about where she met her spouse -- the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.
We cannot ...
We all know that security questions suck, but still they're often used as the authentication of last resort to reset forgotten passwords. What are some secure and unsecure ones you've used or seen?
Use community owned answers for voting. Up-vote secure questions. Down-vote unsecure questions. Explain in comments.
...
I set a passphrase when creating a new SSH key on my laptop. But, as I realise now, this is quite a PITA when you are trying to commit (git, svn) to a remote location over SSH many times in an hour.
One way I can think of is, delete my SSH keys and create new. Is there a way to remove the passphrase, while still keeping the same keys?
A...
Is there anything available that isn't trivially breakable?
...
I am working on a password validation algorithm that needs to check potential passwords against the dictionary. If the password or any part of it can be found in the dictionary, reject it. The function is easy enough, but where do I get the word list? Is there a web service already out there for looking up words? I have poked around ...
I need to store database passwords in a config file. For obvious reasons, I want to encrypt them (preferably with AES). Does anyone know a Delphi implementation that is easy to introduce into an existing project with > 10,000 lines of historically grown (URGH!) source code?
Clarification: Easy means adding the unit to the project, addin...
I'm sick of remembering all the passwords for different logins. Lately I found the interesting tool password composer which lets you generate passwords based on the hostname and a secret master password. But I don't want to use a website or install software to generate my passwords.
So I'm looking for a simple one-way hashing algorit...
I'm setting up a server to offer JIRA and SVN. I figure I'll use LDAP to keep the identity management simple.
So, before I write one... is there a good app out there to let users change their LDAP password? I want something that lets a user authenticate with LDAP and update their password. A form with username, old password, new...
When you're hashing a password (or anything else) in PHP, does it make any difference if you use SHA or MD5?
...
I'd like to enumerate domain accounts and try authenticating as each with a limited set of passwords.
The issue is that I can't find any way to attempt to validate credentials without "doing" something (e.g. querying WMI with impersonation) which isn't useful as the account may or may not have the ability to connect via WMI in the firs...
Is there any way that I can echo a password when asked for in a Unix shell without the use of external binaries? Something like a simple function triggered when the password prompt is displayed.
...
There are many techniques to enforce strong passwords on a website:
Requesting that passwords pass a regex of varying complexity
Setting the password autonomously, so that casual users have a strong password
Letting passwords expire
etc.
On the other hand there are drawbacks, because all of them make life less easy for the user, meani...
I have this query in SQL Server 2000:
select pwdencrypt('AAAA')
which outputs an encrypted string of 'AAAA':
0x0100CF465B7B12625EF019E157120D58DD46569AC7BF4118455D12625EF019E157120D58DD46569AC7BF4118455D
How can I convert (decrypt) the output from its origin (which is 'AAAA')?
...
We've talked about personal password management here, but how do you guys manage your passwords at a company-wide level?
...
I'm writing a command line tool to help my web app. It needs a password to connect to the service. I'd like the script to show a password prompt so I don't have to pass it as a command line argument.
That's easy enough, but I'd like it to not echo the password to the screen as it's typed. How can I do this with PHP?
Bonus points for ...
My application connects to an FTP server with a username and password. I can create an encryption routine to encrypt and decrypt the password, but anybody with access to the source code and the encrypted password can decrypt the password.
Is there an easy way to prevent every human being from knowing the entire password used by an appl...
Modules or software solutions for generating English pronounceable passwords?
Are there similar modules for other languages?
...