passwords

About password hashing system on client side (javascript, silverlight and android)

Hi everybody, When I want to put in place a login system, I always compare the MD5 of the given password with its value in the users table on the server side. However, a friend of mine told me that a "clear" password could be sniffed by network software. So my question is: Is it a good idea to hash the password on the client side? ...

Move saved TortoiseSVN authentication to another machine?

Is there a way to move a saved login/password for TortoiseSVN to a network repository from machine to machine? Just got a new machine, know my username but don't recall my login to the repository. I know TortoiseSVN saves some auth info on the directories at %appdata%\Subversion\auth Moved over the file I found at svn.simple; I see my...

Do any security experts recommend bcrypt for password storage?

On the surface bcrypt, an 11 year old security algorithm designed for hashing passwords by Niels Provos and David Mazieres, which is based on the initialization function used in the NIST approved Blowfish algorithm, seems almost too good to be true. It is not vulnerable to rainbow tables (since creating them is too expensive) and not even vuln...

Why would you ever want to store a plain-text or encrypted (not hashed) password in a database?

I've heard quite a few reasons for storing hashed passwords in a database. However, there are almost always options in authentication APIs to store passwords as plain text or encrypted. Is there ever a reason you would want to store a password as plain text or encrypted in a database? Note: To be clear I know that storing non-hashed ...

Best practice with handling password via Web service

I have an N-tier application which consists of three parts: 1. Client (WPF) 2. WebService (Java web service) (Business logic) 3. Database (Oracle). I store my password in MD5 in the Oracle database but send the password from the client to the web service in a non-encrypted state, just like a simple string. Which technique do I have to use to secure password...

How does a legitimate administrator get a user's password in ActiveDirectory?

If a password is stored with reversible encryption in Active Directory, how does an administrator/developer extract and decrypt this password? Specifically, I'm referring to this setting. ...

OpenSSH Two Phase Login

I would like it if when I use OpenSSH like so: ssh user@host that it asks for a passphrase Please enter Passphrase: then asks for the password Please enter Password: Is this possible? ...

Checking if user created password matches corporate password policy

My company has some unique password policies (such as a pwd cannot be re-used for 6 months, aside from the must include #, special character, upper & lower case) Can anyone suggest how to go about ensuring that a new user's password complies with these policies (using forms authentication in .net 3.5 framework)? ...

WCF in Console to Android with username and password

Hi, After reading and trying and reading, I hope somebody might help. I want to make an application that runs in a console (Click and it starts without complicated configuration). Then an Android client connects to the WCF service on the console, enters his username and password, and has access to the service. (only intranet) It soun...

How to store passwords offline

Hey. Although this is focused on Windows Phone 7, I guess the principle is universal. I would like to have a password protected zone within my app. However, my application is completely offline and so I will have to store credential details on the phone. My initial idea is to store a hash of the password and the salt. Would this be the...

What security measures should be taken when creating "change your password" functionality?

I'm adding a "change password" functionality to my webgame http://ninjawars.net , which currently has fixed (and essentially never changing) passwords. I want to avoid making a mess of it, so I'd like to make sure that I have the basic security bases covered. Taking what I can pull from facebook's way of doing things, a few points that...

PHP: How to hide the password for database connection/email connection statement?

I have a website developed in PHP. There are 2 classes (in 2 separate PHP files) that contain the siteadmin's Gmail user id and password (in plain text) and database password (again in plain text). Though none of these classes are displayed on the browser (like index.php). These files contain only PHP classes and no HTML code and the re...

Standardizing of password strength algorithm

For the last couple of months I've been wondering about all these password strength meters on websites. If you use the same password in every one of those registration forms, the result on the meter is sometimes different. One says "Strong", another says "Normal" and there are probably some that would even say "Weak". So the question is, what if there would...

SCP transfer a file from localhost to a sftp server through php script

Hi, Trying to send a file to another server using scp. Cannot use sftp as it is not installed on my server, so I am getting a function not found for ssh2_connect. So my only option as I can see it is scp. Now the problem comes with the fact that I cannot include my password in the PHP scp script, i.e.: scp filename username:passwor@server:filename I...

how to access username/password application wide

I'm using the SFHFKeychainUtils which is a wrapper for Apple's Keychain. To query a password I need a username. How can I access username application wide? Use a singleton? Other solutions? ...

Checking 3 random letters from a hashed password

I have a system where I salt and hash passwords before saving them to the database, using FormsAuthentication in ASP.NET. What I want to do is, rather than ask the customer for their password each time, I just want 3 random letters from their password. How can I compare this to the hash in the database? Will hashing still work in this ca...

cakephp password validation

var $validate = array( 'password' => array( 'passwordlength' => array('rule' => array('between', 8, 50),'message' => 'Enter 8-50 chars'), 'passwordequal' => array('checkpasswords','message' => 'Passwords dont match') ) ); function checkpasswords() { return strcmp($this->data['Airline']['password'],$this->data['Airlin...

Which password encoder for Spring Security's DaoAuthenticationProvider: MD5 or SHA-256?

Title says it all. Is there any real difference between the two? ...

Masking the password field in java

I am developing a Java command line application and I need to display an asterisk (*), or any similar sign, when the user inputs the password. I have tried using the replace() method but it accepts only one character. Is there a way to pass all the letters and numbers as an argument for this replace method? Or else what is the method of ...

ASIHTTPRequest: Basic Authentication with Base64 encoding?

Does ASIHTTPRequest use Base64 encoding for username and password? On the webpage I only found out that the username/password is in plain text if SSL is not used. ...