passwords

How to test a regex password in Python?

Using a regex in Python, how can I verify that a user's password is: At least 8 characters Must be restricted to, though does not specifically require any of: uppercase letters: A-Z lowercase letters: a-z numbers: 0-9 any of the special characters: @#$%^&+= Note, all the letter/number/special chars are optional. I only want to ver...

Python-based password tracker (or dictionary)

Hello: Where we work we need to remember about 10 long passwords which need to change every so often. I would like to create a utility which can potentially save these passwords in an encrypted file so that we can keep track of them. I can think of some sort of dictionary passwd = {'host1':'pass1', 'host2':'pass2'}, etc, but I don't kn...

jQuery password strength plugin callback validation method

I'm using a jQuery plugin to evaluate password strength. It gives a graphical representation for the user to see how secure the password is. I'd like to use it to validate the field as well. The plugin works by assessing the password and giving it a score. I want to be able to verify that the user has entered a password of at least a...

ASP.net PasswordStrengthRegularExpression to prevent common passwords like "11111" or "123456"

A customer asked me to prevent users from typing common passwords, but permit them to use only alphanumeric passwords. Do you know a regular expression to use in the built in PasswordStrengthRegularExpression option? Edit: I know it is pretty vague, and that's what I told the client. The definition is something like Do not allow the same ...

How can I programmatically change my windows domain password?

In other words, how to change my password without going through the "CTRL-ALT-DEL -> Change Password" interface. By programmatically I mean via a command-line tool, C# via a .NET library, COM-invocation via Python, ... whatever doesn't involve any manual steps, really. The "NET USER" command is ineligible, as it requires me to run with...

Can someone point me to a good PHP/MySQL salted hashed password implementation?

Hey everyone, After reading about salts password hashing I'd like to implement a simple version for an admin area to a site I'm building. If you have any good links with code that have implemented this idea well, I would appreciate it if you could share. Thanks, ...

BCrypt says long, similar passwords are equivalent - problem with me, the gem, or the field of cryptography?

I've been experimenting with BCrypt, and found the following. If it matters, I'm running ruby 1.9.2dev (2010-04-30 trunk 27557) [i686-linux] require 'bcrypt' # bcrypt-ruby gem, version 2.1.2 @long_string_1 = 'f287ed6548e91475d06688b481ae8612fa060b2d402fdde8f79b7d0181d6a27d8feede46b833ecd9633b10824259ebac13b077efb7c24563fce0000670834215...

encrypting passwords in a python conf file on a windows platform

Hello all. I have a script running on a remote machine. db info is stored in a configuration file. I want to be able to encrypt the password in the conf text so that no one can just read the file and gain access to the database. This is my current set up: My conf file sensitive info is encoded with base64 module. The main script then de...

Hash passwords before transmitting? (web)

I was reading this Ars article on password security and it mentioned there are sites that "hash the password before transmitting"? Now, assuming this isn't using an SSL connection (HTTPS), a. is this actually secure and b. if it is how would you do this in a secure manner? Edit 1: (some thoughts based on first few answers) c. If you do...

How much user data should be required to grant a password reset?

I'm looking to add password-reset functionality to my site and have been browsing the numerous threads discussing various aspects of that issue here on SO. One thing I haven't really seen clarified is how much information to require from the user for confirmation before sending out the reset email. is email alone enough? email + accoun...

Android 2.2 - and exchange password policy enforcement

Hi, In Android 2.2 site it's written: Improved security with the addition of numeric pin or alpha-numeric password options to unlock device. Exchange administrators can enforce password policy across devices But while I'm using N1 with 2.2 and try to connect to my company exchange server it didn't enforce me to set a passwor...

iPhone SQLite Password Field Encryption

Good Afternoon Guys and Girls, Hopefully this will be a quick and easy question. I am building an App that requires the user to input their login details for an online service that it links to. Multiple login details can be added and saved as the user may have several accounts that they would like to switch between. These details will...

Double hashing passwords - client & server

Hey, first, let me say, I'm not asking about things like md5(md5(..., there are already topics about it. My question is this: We allow our clients to store their passwords locally. Naturally, we don't want them stored in plain text, so we hmac them locally, before storing and/or sending. Now, this is fine, but if this is all we did, the...

how to store password on gae when someone register.

ex: username:zjm1126 password:11 I stored the password to the datastore on gae, when I see the data view at /_ah/admin, I can see the password all people's password who register, I think it is not safe, yes? is password stored like this? how to stored password, thanks and the check_password method is : user=MyUser.get_by...

Where does Internet Explorer store saved passwords?

Where does Internet Explorer store saved passwords? And since this is a programming site, I'm not literally asking for the location where IE stores passwords, but which API IE uses to save passwords. At first I assumed that Microsoft was using the standard api: CredRead CredWrite which is used to save domain and generic program/web...

configure strong admin password policy

Hey, Just wondering if there are more password policies beyond the generic ones such as "minimum password age", "password must meet complexity requirements", etc. I would like to create stronger password policies for the administrators. Is there a way to add more complexity to the password requirements? Another thing, is there a way to...

Optimal password salt length

Possible Duplicate: What is the optimal length for user password salt? I tried to find the answer to this question on Stack Overflow without any success. Let's say I store passwords using SHA-1 hash (so it's 160 bits) and let's assume that SHA-1 is enough for my application. How long should be the salt used to generated passw...

Store password temporarily in memory

Hello, I'm looking for a way in an Android application to store a password within the memory as long as the application is running (cf. different activities). I was first thinking about the SharedPreferences, but then it's saved in the flash memory, which isn't that good for a password, I guess. I'm unsure, what's the best way. What wo...

PHP/PAM to change user password?

Are there any working packages to change a linux user passwords using PHP? I've tried using PECL:PAM but there's an error when it tries to change the password. Edit: PHP code: echo pam_chpass($username, $password, $new_pass, &$error) ? 'good' : $error; PHP (echo) output: Permission denied (in pam_authenticate) From /var/log/aut...

storing original password text

My web application stores external website login/passwords for interaction with them. To interact with these websites I need to use the original password text, so storing just the hash in my database is not going to work. How should I store these passwords? Edit: I am concerned if someone gets access to my server. If I use some kind of...