passwords

MySQL password function

Is it considered good or bad practice to use MySQL's password function to hash passwords used by an application? I can see pros and cons. I'm curious if there is a general consensus on whether it is good or bad. ...

What is the best possible way of salting and storing salt?

Hi guys, I have read about password salting, but this might sound a little odd. But how do I store and secure the salt? For example, in a multi-tier architecture, say I use the client machine’s GUID to generate my salt; then the user gets restricted to a single machine, but if I use a random salt it has to be stored somewhere. A few days back I ...

How to mask password in C?

In C, I want to display every single character that the user types as * (Ex, Please type in your password: *) I'm searching around but can't find a solution for this. Does anybody know a good way? ...

XP accounts - why does this happen?

Hi all, Quick question regarding my computer accounts. Recently revisited one of my old comps and forgot the admin password :) When I boot up I get screen showing John Doe account - no one else, no admin account. Couldn't remember this password. After a bit of stuffing around, I was able to find out that I have 2 admin rated accounts -...

"Please confirm which user you are changing the password for"

So I just made a change password form for my rails app. It's just like any other very typical password change form. So after a few times testing it out I started seeing a popup box saying "Please confirm which user you are changing the password for". Now this really freaked me out a bit since I know I did not write any code to do such ...

Python: Read password from stdin

Scenario: An interactive CLI Python program that is in need of a password. That also means there's no GUI solution possible. In bash I could get a password read in without re-prompting it on screen via read -s. Is there something similar for Python? I.e., password = raw_input('Password: ', dont_print_statement_back_to_screen) Al...

Persisting web service passwords

I'm not a security guy so any help on this would be greatly appreciated. I have a large number of third-party field devices that have remote methods that can be called across xml-rpc using ssl. For each method call, a username and password must be transmitted in plain text as parameters along with any other method parameters. I have no ...

Why it returns null password???

In my Generator class, I make a new password and also I have a SystemManagements class which imports Generator class (it is in the other package) and I have some information like name and family of user and I make an object which its type is SystemManagement but when I call getPassword() on my object it will return null!!!?????? public ...

Password hashing at client browser

What's the best way to hash the user password at the client browser, before sending it to the web server, so that only the hash goes out, not the plain-text password? EDIT: assuming HTTP is used (not HTTPS) ...

C command-line password input

Hi, I want to allow users to enter a password using a command-line interface, but I don't want to display this password on screen (or display "****"). How to do it in C? Thanks. Update: I'm working on Linux only. So I don't actually care about Win or other systems. I tried Lucas' solution and it worked fine. However, I still have another ...

Format of IBM keyman's password stash file.

Hi All, I need to write a script to stash a password to a file. The password should be stored in the same format as IBM's keyman utility stores the stash password. Can this even be done? If so, can someone point me to the format of the stash file. I have googled for it, so far no luck. Thanks ...

Should I support Unicode in passwords?

I would like to allow my users to use Unicode for their passwords. However I see a lot of sites don't support that (e.g. Gmail, Hotmail). So I'm wondering if there's some technical or usability issue that I'm overlooking. I'm thinking if anything it must be a usability issue since by default .NET accepts Unicode and if Hotmail--er, th...

How to suppress the keystore password prompt when using Java Webstart with client auth?

Is there a way to suppress the password prompt when using Java Webstart with a https server that uses client authentication? I would like to do this, because the webstarted app runs on a touch screen device that got no keyboard and runs in a kiosk mode. Therefore it would be sufficient to either remove the password from the keystore or t...

Encrypting SALTEDHASHED weblogic password in java

How to encrypt SALTEDHASHED password (used by Weblogic) in java? I need to be able to hash passwords in exactly the same way as WebLogic's authenticator does. Preferably without using WebLogic's library. 30 minutes later.. I've read some documentation and if I don't know the value of the salt I can't encrypt the password in the same wa...

Rails storing host password for FTP model

I'm building a rails app that communicates with other servers via ftp. The user needs to input their host, username and password for their particular ftp server. I wouldn't want to store their password as cleartext, but I need the actual password to connect to the server when it comes time. Would it make sense to use a two-way hash? ...

md5 for emails too?

I'm creating a MySQL database with registered users, and I'm thinking to use md5 not only for passwords but for e-mails too. I think this choice can improve user security, but I'm not yet an expert with databases and I'm not sure if this is wise or not! I hope this isn't a stupid question! ...

"Remember password" option [C#]

Hi, I need to implement a "Remember password" option in my program, it works with client-server protocols that REQUIRE the entire password to be passed in the login process, not only Hashes, so I need to store the entire password locally. I searched all over the place but I found no conclusive answer or no answer at all. But since Email...

How to switch old-passwords OFF in Mysql 4.1

Hi there, I am having a hard time migrating my MySQL 4.1 database from old 16-byte password hashes to the new 41-byte hashes. The problem is, that the mysqld server automatically starts with the "old-passwords = on" directive, which restricts setting new passwords to 41-bytes length. My question: Does anyone know how I can tell mysqld ...

Encrypting 3rd party credentials

I have an application where I need to store 3rd party credentials to services like Amazon S3, FTP, SFTP, etc.. I know that it is possible to access some of those systems without passwords, but that has its own issues. If our customers gave us access to their S3 buckets via ACL we would still need to verify which bucket belongs to which ...

Spring Security Encrypt MD5

Hi. I have a java web application using spring framework and spring security for its login. In my database I have my passwords encrypted to MD5 before being saved. I added in my application-config.xml this code <security:authentication-provider> <security:password-encoder hash="md5"/> <security:jdbc-user-service data-source-ref="dat...