passwords

versatile blog for ruby on rails, password protection?

Hey guys, I am making a personal website with a blog. I'd like to have certain entries password protected like I've seen on at least one wordpress. That's no biggie. But I was wondering if there was something really flexible which will allow hidden text to be revealed after a post? For example, the public post may say, "I met my friend B...

approaches to encrypt password in sql server 2005

Hai guys, Thus far i am using the following statements for encrypting a password variable in sql server 2005 OPEN SYMMETRIC KEY SecureSymmetricKey1 DECRYPTION BY PASSWORD = N'StrongPassword'; DECLARE @encrypted_str VARBINARY(MAX) select @encrypted_str=EncryptByKey(Key_GUID('SecureSymmetricKey1'),@Password) Is this a good practice o...

How to salt and hash a password value using c#?

Hai guys, I came to know that storing hash value of a password is a safe one from Preferred Method of Storing Passwords In Database... How to salt and hash a password value using c#? How to compare both the values stored in DB and the one given by the user? ...

SAS using encrypted (PWENCODE) in EMAILPW= option

My code works fine using plain text code, but fails when I use an encrypted password filename File email emailsys = VIM emailid= "&pa_usr" emailpw= "{sasenc}39AAD23E148A9555508AC84447181DFF" ; Anyone know what I should do? ...

How secure are Authlogic passwords?

I'm planning to make the database of a Rails project available for download publicly. This database contains an Authlogic users table, with crypted_password and password_salt fields. How securely are these passwords stored... is it safe to make them available publicly this way? Or should I look at implementing another authentication syst...

Need help with some tricky .htaccess password rules

The issue I have a site that's a few weeks away from launch, so I've put a htaccess Require directive on it, to keep nosy people out until launch. But now I need to open up (i.e. not require a password) for 2 specific URLs, because a payment-processing service needs access to them. And for some reason I just can't get it to work! The ...

password limitations in SQL Server and MySql

Does MySql 5.1 and SQL Server 2008 (Web edition, Standard) have any functional password limitations other than length limits? Are metacharacters in any form a bad idea to use, like bang, pipe, hash, any slash, carrot, and so on? I know that MySql 5.1 has a password length limitation of 16 characters that is hardcoded, but I was wonderin...

AD Password About to Expire check problem with ASP.Net

Hello everyone, I am trying to write some code to check the AD password age during a user login and notify them of the 15 remaining days. I am using the ASP.Net code that I found on the Microsoft MSDN site and I managed to add a function that checks the if the account is set to change password at next login. The login and the change pas...

Is password input sanitization required?

Hi, I'm trying to sanitize any data that's inputted by making sure the data is valid for a particular field (e.g. a name can't contain special characters/numbers etc..) However, I'm not sure what to do when it comes to a password field. Would I even need to bother with any sanitization as the password is simply hashed? If the user was ...

Git Svn Password View/Reset?

I have a personal learning project that I shelved for awhile but recently decided to get back into. After hearing so much about Git, I decided to give it a try. Thus far I've been able to initialize an empty Git repository but then it prompts me for a password of which I've misplaced. My first question, where is the password being prompt...

What is being encrypted when I use a salted CRYPT_MD5 to encrypt my password?

Using md5 on a string always produces an alpha-numeric encrypted result, ie: no symbols. However, when I using the php crypt() function, specifically the CRYPT_MD5 (and it is on, I've checked) with a salt, the supposed md5 hash it returns does not look like an md5 hash. For example: if I md5 the string 'password', I get: $pass = md5(...

Double salt for hashing passwords?

I'm thinking of hashing user passwords with two different salt strings, one stored in the code which is the same for all users and another stored in the database for which each user has their own unique value. Would this be more effective than simply storing the values in the database? Any advice, opinions appreiated. Thanks ...

Guidelines for a Password Strength Meter (Password checker) Design

I have tried different types of Password Strength Meters or Password checkers, but all give me different results when I test the same Password, because each implements its own algorithm. Is there some official standard or guideline that can follow me to build my own Password Strength Meter. If there was no official standard, what featu...

Which part of an application should be responsible for hashing a user's password?

Hi, I'm writing an ASP.NET MVC application which will provide user registration functionality but i am not sure which part of the application (e.g. User Domain model object, Controller, ViewModelMappers) should be responsible for hashing the user's password. I have a registration page that uses a strongly typed ViewModel and a Register...

Generate password hash in java like openssl passwd -1

Is there an easy way in Java to generate password hashes in same form as generated by "openssl passwd -1". Example: # openssl passwd -1 test $1$Gt24/BL6$E4ZsrluohHFxtcdqCH7jo. I'm looking for a pure java solution that does not call openssl or any other external program. Thanks Raffael ...

Save Email Password? - Is this secure?

Hello guys, today there was a big problem i got wile programming on my newest project. I have to save the Users Email-passwords in my system ( php + mysql ). I do it now this way: Is this secure? And when not what is a better way to do it? greetz from white Vienna Dom ...

Very simple password generation scheme; is this secure?

Edit/clarification: I mean password generation as in "deterministically generate passwords for your own use (e.g. to sign up for web services), based on some secret and on some site-specific data" I take the MD5 digest of the concatenation of my master password and a (non-secret) site-specific string. Then I take the first 16 digits of ...

most secure way to password protect admin files/folders?

what is the most secure way to password protect admin files/folders? im on apache/php ...

Password Protecting Resources | ASP.NET MVC

Hey Everyone, I am working on an ASP.NET MVC app, and I have some views which I want to password protect. Not in a username/password forms auth type of way. When a user tries to go to one of these protected pages, I want them to have to put in a password. I came up with a way to do this, I just want to get some validation that it is a g...

Is there a built in function to hash passwords in .NET?

I seen this question http://stackoverflow.com/questions/287517/encrypting-hashing-plain-text-passwords-in-database and i am aware i shouldnt do md5("salt" + password); and i see an implementation in python for a solution. Is there a .NET built in function with params i can use instead of writing my own? ...