Specific to the security of passwords: hashing, entropy, cracking, resets, lockouts, etc.
0
votes
1 answer
19 views
Is a simple Whirlpool hash with random salt secure enough?
I've been working on a site that requires users to login. It's written in PHP with MySQL, and passwords are stored as Whirlpool hashes with a salt (source code later).
However, security sites or ...
-1
votes
0 answers
7 views
Using Azure Blob Storage to create a JavaScript-based authentication and storage system
I've been asked to create a JavaScript-based application that uses HTTPS calls to Azure Blob storage, with no other website acting as an intermediary (except for provisioning)
Assume I publish this ...
2
votes
4 answers
129 views
Best practice for forgot password form, ok to leak that a given e-mail is invalid
On our forgot password reset form, is it ok to leak that a given e-mail address entered is invalid? Or should we always just return success and check your e-mail, even if the e-mail is not valid?
I ...
8
votes
2 answers
217 views
Bank accepts different password to the one that I set
I'm not particularly well versed in IT security so please bear with me.
I recently discovered that my bank's online system will accept passwords that consist of the correct password, and a string of ...
1
vote
1 answer
56 views
Is it possible to bypass BIOS password without owner knowing later on?
My laptop BIOS is password protected. Probably the password can be bypassed using some hardware and software means. But is it possible that somebody having access to laptop but not knowing the ...
0
votes
2 answers
60 views
Password stretching using concatenation of hashes
I'm working on a simple file encryption tool.
Basically, here's how my program works:
password = get_user_typed_password()
salt = uuid4()
key = bcrypt(password + salt)
cipher = AES(key)
for block ...
4
votes
4 answers
142 views
Why change password? [duplicate]
Why are there recommendations to change passwords with certain intervals?
If I have a good password, e.g. a long misspelled odd sentence with a couple of special characters thrown in, why is the ...
-1
votes
0 answers
22 views
Why application-specific passwords are tied to 2-step verification by Google? [closed]
I don't understand why the application-specific passwords are tied to the 2-step verification by Google.
(In other words, there appears to be no way to use just the application-specific passwords ...
0
votes
1 answer
62 views
A fake phone tech changed my start up password. [closed]
I was duped into believing a phone caller was a computer tech. I allowed him remote access and when I refused to pay a fee at the end of all his changes he hung up. My start up now has an unknown ...
9
votes
4 answers
687 views
Forgetting passwords typed in too frequently
It has happened to me several times that I've become so used to typing in a password I can't consciously remember it and it's purely muscle memory. This is particularly true with complex passwords ...
1
vote
3 answers
83 views
How to guarantee privacy on files that I store
I want to create an Android app where users from an office (typical use) can upload scanned documents to the app backend service for later use.
e.g. A lawyer wants to upload a sentence ...
-1
votes
1 answer
95 views
Hydra bruteforce is giving wrong passwords. Can't seem to work any help? [closed]
OK, so what I'm actually trying to do is to bruteforce my own account on some website just to check myself.
This is NOT for illegal steps or use; I'm trying to crack my OWN password, and I'm trying to ...
1
vote
4 answers
113 views
How to store passphrase in this situation?
How to store a passphrase with a Java application that periodically needs access to its plaintext form? It is a strange situation, but I am wedged in it. If providing a decent security mechanism is ...
1
vote
1 answer
84 views
How to pass credentials across applications securely?
To simplify the user experience, if we want to design a system such that the user login password for the desktop account itself can be shared with various applications like chat/email/skype etc.
...
7
votes
4 answers
405 views
Reasonable way to store encrypted passwords in a webapp's database, Linux
This question is generally similar to past questions asked here, but I haven't seen one that relates to Linux.
Case at hand: a PHP web app has a MySQL backend. As part of its functionality it accesses ...