During registration, I'm debating how I should set user password:
Let the user choose it. If I do this, I have to enforce some standards (length, weakness, may involve regexes, etc.). What do you normally do when you choose this way and why? Is there a library available for PHP for this?
Auto-generate the password for the user and email...
I'm using Rijndael to encrypt/decrypt some sensitive images that will be used on some documents. I'm trying to be absolutely sure that the password provided works and that, by some quirk of fate, an incorrect password will result in a corrupted image that ends up on the document. If I don't catch it before this point, lots of documents...
I've seen this question before but can't find a good answer for it.
I have an ASP.NET website using formsauthentication, it has some anonymous and protected parts. Now I publish this on a development machine connected to the internet, I only want testers to have access to this website. So outsiders cannot see anything of the website, no...
I'm looking at hashing algorithms, but couldn't find an answer.
Bcrypt uses Blowfish
Blowfish is better than MD5
Q: but is Blowfish better than SHA512?
Thanks..
Update:
I want to clarify that I understand the difference between hashing and encryption. What prompted me to ask the question this way is this article, where the autho...
I've read some articles and questions on SO (e.g. here) that say you shouldn't store a user's password in a cookie. If the password is salted and hashed, why is this insecure?
In particular, why is it less secure than using sessions, the alternative usually suggested? If the user wants to stay logged in then surely this new cookie (with...
I have a project in the works, and I'll need to associate a passcode with an item.
The password should be completely non sequential or easily guessable, yet simple to remember.
I thought about doing something like this.
string rand = System.Guid.NewGuid().ToString();
rand.Substring(0,3);
Return the first 4 digits of a GUID.
I was wo...
Is there a jQuery project out there that creates one of these "Password-strength-meters" right by a password box and updates the strength-bar when something is typed into the field?
Do you know any good ones?
...
How much safer is this than just MD5? I've just started looking into password security. I'm pretty new to PHP.
$salt = 'csdnfgksdgojnmfnb';
$password = md5($salt.$_POST['password']);
$result = mysql_query("SELECT id FROM users
WHERE username = '".mysql_real_escape_string($_POST['username'])."'
...
If on a login screen user submits a form with his username and password, the password is sent in plain text (even with POST, correct me if I am wrong).
So the question is what is the right way to protect the user and his password against the third party who might be eavesdropping on the communication data?
I am aware that HTTPS is aso...
Thanks for looking. All sincerely helpful answers are voted up.
I use a password strength meter to let the user know how strong the password they've chosen is. But this password checker obviously doesn't cover how weak under a dictionary attack the password is. How can I check for that, and is it worth it?
Also my regular password ch...
Hi,
I am using PHP. I used to use the native MySQL function password() to store passwords. I was told that password() is not safe anymore. What would be the best method to store passwords in PHP? Is it MD5?
...
I'm a newbie at web programming, and even newer to Ruby on Rails. What is the best way of asterisking out or "hiding" a new password entered by a user?
...
Hey all, I'm very new to Linux and PHP, so forgive me if this is a dumb question.
I need to create a PHP command-line script that will add a user to the system, to be used by the FTP server. I have it set up at this point that it creates the account just fine. The problem I'm facing is that even though I pass through the password when I ...
What does it mean to hash a password?
...
This may sound like a frivolous question, but those in the security field will get it. Should I let the user enter any number of characters as long as it's greater than 0 chars? My logic is:
the password is going to be hashed and salted anyway, and
it's more fun for someone doing a rainbow table to NOT have any length/other guideline...
Is there a way to transform text that is in a specific column of a listview control into password characters? Thank you.
...
My coworker and I are having a fist-fight civilized discussion over password security. Please help us resolve our differences.
One of us takes the viewpoint that:
Storing passwords encrypted using a public key in addition to a one-way hashed version is OK and might be useful for integration with other authentication systems in the fut...
I want to read in a password as part of a command-line script, but do not want the typed password to appear on the screen. This seems to be a fairly common feature in command-line apps, but my Google-fu has failed in identifying how this works. Is it a feature of the OS? Do you have to intercept the input stream somehow so it doesn't wri...
Sometimes Microsoft does something so stunningly dumb that it makes my head hurt. Help me find out it's really not the case ... please!
I've got an issue with the login page of an ASP.NET (3.5) site I'm developing whereby IE (7 or 8 ... can't bear to open 6) doesn't offer to save the password when a user logs in. I've checked other brow...
Hi,
Is there a method for svn to explicitly create the cached name/password settings for a user and do nothing else? Name/password settings will be given via a dialog, while svn is probably installed just in the step before.
I need that as a step in a workspace installer, which will later make use of svn.
Thanks for any help.
...