Specific to the security of passwords: hashing, entropy, cracking, resets, lockouts, etc.
-3
votes
0 answers
12 views
Find out password after connecting with WPS? [migrated]
I have a Cisco router and generated a random password for it. I have connected my Android mobile with the WPS switch. Is there any way to find out the password?
-5
votes
0 answers
22 views
Mobile App to securely access and modify a database stored on a server [on hold]
I would like to develop a mobile app that fetches and modifies data in a MySQL database. The information includes passwords and must be treated securely.
I do not want to allow the mobile app to be ...
2
votes
2 answers
56 views
Slowing down repeated password attacks
I've been reading suggestions to use time-consuming formulas for checking passwords from login attempts, so that repeated attacks will be slowed down.
Wouldn't it suffice to just sleep a bit in the ...
0
votes
0 answers
32 views
Dual Authorization (Social Auth 2.0)
Can you see any obvious challenges to requiring 2+ users to confirm authentication requests using an association such as a friendship type of relationship?
A practical application would be an ...
3
votes
3 answers
179 views
Is saving passwords in Chrome as safe as using LastPass if you leave it signed in?
Justin Schuh defended Google's reasoning in the wake of this post detailing the "discovery" (sic) that passwords saved in the Chrome password manager can be viewed in plaintext. Let me just directly ...
0
votes
1 answer
56 views
How much space is needed? [on hold]
How much memory is needed if I want to generate a dictionary of all possible combinations of length 6 with a-z and 0-9 characters? Is it a good idea to go for cracking password if I know password ...
24
votes
5 answers
1k views
What are the security implications of storing password blacklist?
I want to add a password blacklist that would prevent the 1000 most common passwords from being used in order to mitigate shallow dictionary attacks. Is there any negative implication of storing this ...
4
votes
1 answer
168 views
What techniques do web services use to identify password theft?
I've noticed that some web services use a security scheme in which log-in attempts that have some unusual characteristics trigger extra authentication steps.
For example when I try to login to my ...
0
votes
1 answer
162 views
How long would it take to brute force the AES encryption?
I'm trying to write secure code that can keep my site users' passwords as safe as possible. Now I'm fairly new to encryption and would like some professional opinions and suggestions. As well as a ...
3
votes
3 answers
100 views
Proper storage/use of salted passwords?
If a salt is not stored along with the hashed password in the database, is it possible that the password is salted?
I ask because in a system I am working on there is only a password column, but when ...
0
votes
3 answers
102 views
Why do you need to login after you change a password?
I can't recall a website that after resetting my password I was automatically logged in, I had to type the password again - which seems quite silly.
From a security perspective, why do websites do ...
0
votes
0 answers
24 views
Issue creating John the Ripper dynamic formats [closed]
I was trying to learn how to put together a JTR dynamic format, but keep failing the test case with the error
Self test failed (get_hash0)
I'm recreating dynamic_12, which is ...
25
votes
4 answers
2k views
Is it safe to show users why their password is not allowed?
/////////////////////////////// Updated Post Below ////////////////////////////
Well, this question has received a lot of hits, more than I ever thought it would have on such a basic topic. So I ...
2
votes
3 answers
119 views
Is there any reason I shouldn't use SHA1 of salt + website name + master password for my password in websites?
I considered writing a program to do the above for websites I only intend to use for short-term use.
1
vote
0 answers
89 views
Steps for determining Hash Algorithm [migrated]
I have 5 test users and they have the same password. I am testing an application which stores the password in the database in an encrypted format. I want to learn which hash algorithm has been used on this ...