passwords

Best way to store password into sql

Hi, in my current C# windows application password has been stored in plain text which is obviously not good. so i just want to know what is the best way to encrypt the password and stored into SQL Server. I have read that using hash+salt is better. but i feel "EncryptByPassPhrase","DecryptByPassPhrase" new feature in sql 2005 is better t...

How would you generate repeateable encryption key?

I am looking to encrypt data. I want to generate encryption keys based on a password, and some moving value, like time. The goal is to have the key change, but have anyone that knows the password be able to decrypt. This is happening in C#. I am using the following code to hash the password. private static string GetPasswordHash(string ...

Hebrew Passwords on WinXP

What is the accepted way for entering passwords in Hebrew / Hebrew localised installations? Should the password entry dialog be right aligned with new characters appending on the left? like this: |----------------------| | |*******| |----------------------| Or do they generally left align with new characters inserted to t...

Free to use Java phonetic password generator?

I'm looking for free to use phonetic/pronounceable password generator written in Java (or any JVM language, which can be called from Java). Ideally the generator would accept criteria for the passwords it creates, eg: minimum length minimum number of non-alpha characters This would be used in a commercial, distributed applicatio...

.htaccess file - modifying to allow scripting/plug-ins in a password protected directory

I have a directory in a website that the user has asked to password protect. Once I protected the directory, the webpages would no longer play the videos in the directory. The files use a plug-in from ProShow, and the have a file extension of (.px). At first I though it was the .js file that was being loaded from the ProShow website, but...

PHP: Split a string in to an array foreach char.

Hi I am making a method so your password needs at least one captial and one symbol or number. I was thinking of splitting the string in to lose chars and then use preggmatch to count if it contains one capital and symbol/number. however i did something like this in action script but can't figure out how this is called in php. i cant f...

How can I automatically answer a password prompt from an embedded item in an (X)HMTL page?

I have written a web page that displays images from several servers on my network via simple img tags with appropriate href values. The servers require authentication before they will send the images. It works alright, except on first load the page presents the user with a series of password prompts (one for each server). The user c...

Password reset by emailing temporary passwords

A group in my company is implementing a single-sign-on REST API for our applications. This authentication service has a password reset function. The application sends the username to the reset function. If that username is associated with an email address, then an email is sent to that address with a temporary password. The other app...

CakePHP: Clearing password field on failed submission

Greetings, I am setting up a pretty standard registration form with password field. The problem is, after a failed submission (due to empty field, incorrect format etc), the controller reloads the registration page, but with the password field containing the hashed value of the previously entered password. How do I make it empty after ...

Clearing out a c# byte array with sensitive data

I have a c# byte[] containing sensitive data. What is the best way to clear it? How do I ensure that something like Array.Clear will not be optimized away? ...

Silverlight + WCF Service with custom username/password

Hi, We have a WCF service with custom username/password authentication. The service runs over SSL. On our existing WPF application we pass the username and password combination to the service every time it is called (i.e. we don't have any sessions with the service). The credentials are stored in memory on the client application. Now...

Testing common passwords

Hi all I have to write a program that will test the strength our our teams password after they have chosen i need to write a program that will email them and tell them to choose a better password Is there any lists available, legal of course, that i can use to do this? ...

Why are passwords with repeating substrings weak?

Many websites have password strength checking tool, which tells you how strong your password is Lets say I have st4cK0v3rFl0W which is always considered super strong, but when I do st4cK0v3rFl0Wst4cK0v3rFl0W it is suddenly super weak. I've also heard that when password have just small repeating sequence, it is much weaker. But h...

How to make ssh receive the password from stdin

How can you make SSH read the password from stdin, which it doesn't do by default? ...

<input type="password" ...> styling with jQuery

Hi all! Is this possible to change the default styling of password field? I mean replacing the default stars-symbols with something like &bull; or etc. jQuery or simply css/html? Thanx. ...

Is it safe to place password on same folder?

I am using php and mysql. I have a Database config file (db-config.php) which has my database name, username and password. My application and db config file store at: www(httpdocs)/app/db-config.php Is that secure? Will others/hackers able to steal my file and get my database login information? Or should i put it outside www folder, fo...

password / trade secret algorithms : Are they safe in php files?

Hello, My website is built using php files. I use trade secret algorithms in these files and my root password for my database is stored within these php files also. My database is used to store private medical data of many customers. Is this considered a secure set up; can anyone download the php source from my webserver, and therefore...

What are the security considerations for a javascript password generator?

For the longest time I was considering using a Javascript bookmarklet to generate the passwords for the different sites I visit to avoid the problem of "similar passwords everywhere", yet still be portable. However, after reading this paper it became clear to me that using this method would mean that a single malicious page could comprom...

What is the char that is displayed over hidden passwords?

If you type a password in a modern application, it usually displays a nice neat black circle - where more traditional app's would use an asterisk. How is that character created? Is it an ascii value (if so I can't find it)? If not, how is it created? ...

Best Practices for storing passwords in Windows Azure

For those in the know, what recommendations do you have for storing passwords in Windows Azure configuration file (which is accessed via RoleManager)? It's important that: 1) Developers should be able to connect to all production databases while testing on their own local box, which means using the same configuration file, 2) Being Dev...