passwords

iphone storing password locally and sending it across to a server securely

I am writing an iPhone app which will start with asking the user to register with a login/passwd. These should be : Saved securely locally Send securely to a remote web-server What do I need to achieve the above? Say, for local storage, shall I save them in a file or database? Shall I encrypt it? For sending it over, is HTTPS suffici...

What algorithm should I use for encrypting and embedding a password for an application?

What algorithm should I use for encrypting and embedding a password for an application? It obviously is not bullet proof, but it should be good enough to thwart someone scanning the database with a hex editor, or make it hard for someone who has the skills to use a debugger to trace the code to work out, either by scanning for the encry...

Am I supposed to store hashes for passwords?

User System and Passwords: I was looking through MD5 stuff, and I am wondering what is the normal/good practice for passwords. Right now, I think people super encrypt the passwords and store the hashes. If so, how does password checking work? I just have the input password go through the encryption process again and then check the hash w...

Only allow users on my network domain to open an Excel workbook

Rather than distribute a password to employees, I would like to protect an excel workbook so that only users on the company domain can open the workbook. Is there a feasible way to do this? The workbook should be encrypted, but transparently decrypted for users who are logged into the company domain. That way, a file that strays from ...

Hashing Credentials in Objective C

I am trying to store a username and password to hash against for future offline logging in. What is the best way to do this in objective c? I will need the password to be stored securely. ...

Make windows XP ask for password

We have software that have some features that are so sensitive that we want to verify the identity of the user. Instead of using a own user/password scheme we would really like to either test the password against the user password in XP, or even make Windows self reauthenticate the user so we can make sure that it is an authorized person...

SQL Server Password

Is there any way of retreaving a SQL Server Authenticatiion password. I am running Server 2005 with admin rights. ...

How can I check if a user has written his username and password correctly?

I'm using a Linq-to-SQL class called Scans.dbml. In that class I've dragged a table called Users (username, password, role) onto the graphic area and now I can access User object via a UserRepository class: using System; using System.Collections.Generic; using System.Linq; using System.Text; namespace Scanner.Classes { public clas...

How to easily salt a password in a C# windows form application?

How can I easily salt a password from a Textbox.Text? Are there some built in wizardry in the .NET framework? ...

does it make sense to send password information during email communication from websites

Most of the online sites on registration do send a link to activate the site and on any further correspondence with the end user they provide information about the site and also provide the login credentials with password in clear text (as given below) Username - [email protected] Password - mysecretpassword What would you do in such a ...

Migrating from clear password storage to authlogic

Hi ! I'm currently working on a Rails app which stores plain clear passwords (...). So I'm migrating to Authlogic authentication with a 'standard' SHA512 encryption. I did that which works fine : #file /models/user.rb class User < ActiveRecord::Base acts_as_authentic { |c| c.transition_from_crypto_providers = [MyOwnNoCrypto, Au...

How to configure JBoss DatabaseServerLoginModule for Digest Authentication in a Web Application

In a sentence, I want to configure JBoss 4.2.2 to use DatabaseServerLoginModule as the login-module for a Web application that is secured via Digest Authentication. The problem I am having is that the passwords fail to validate. I suspect the issue is either in how I've defined the application policy or in how the passwords are stored ...

Change Unix password from command line over Python/Fabric

I would like a way to update my password on a remote Ubuntu 10.4 box with fabric. I would expect my fabfile.py would look something like this: def update_password(old_pw, new_pw): # Connects over ssh with a public key authentication run("some_passwd_cmd --old %s --new %s" % (old_pw, new_pd)) Unfortunately the only command I k...

Why is "Forgotten Password" bad?

I came across this statement Do not use "forgotten password" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identi...

jquery password rules

Hey all, Tried posting this before but it did not go through (i think) so if this is a repost please disregard. However, I asked a question yesterday and figured it out with the wonderful help from here. I have a user account page where a user can edit their account information. Now, they don't always change their password. So, I made t...

jquery add method and implementation

Ok so from my previous post I got a lot of good feedback. I am starting this one so that I can start a new question and add the full code I have. i know something is messing up, but here is my method and implementation. jquery.validator.addMethod("passwordRules", function(input) { var reg = /^{^%\s]{6,}$/; var reg2 = /[a-zA-Z]/;...

.NET 3.5 - Hashing a password using System.Cryptography

Hi, I am a bit of a newbie around Security nitty gritties and especially around Cryptography. In the application we are building(ASP.net application built on .NET 3.5), we are currently using Databases to save our users authentication information (AD etc is not an option at this point). The intention is to do a one way salted hash of t...

Why aren't original passwords stored?

I am new to web development. Am I allowed to store users' original passwords? I know good practice is to store the hashed password using a salt, but why don't we store the original password? Is it because the database is easily hacked, so hashing protects passwords? Are there any other reasons? If not, I would like to store the origi...

Python httplib.HTTPSConnection and password

I use httplib.HTTPSConnection with private key: h = httplib.HTTPSConnection(url, key_file='../cert/priv.pem', cert_file='../cert/srv_test.crt') Then I am asked to enter the password to that private key. Is there any option to enter such password not from user input (console) but from other source (code, environment)? Maybe something l...

What is the alternate to PasswordDigest when clear text password is not stored on the web-service producer?

Scenario: Web-service producer have only SHA-1 hash of passwords stored in database. We need to authenticate Web-service users using User Name/Password combination. Web Services Security UsernameToken Profile allows us to add soap headers for this purpose: The element is introduced in the WSS: SOAP Message Security document...