passwords

So I need to generate a Sha256 password in Objective-C, and can't figure out for the life of me how to do it! Is there something easy I'm just missing? I've tried implementing the following method (which was written for iPhone, but I figured maybe it'd work cross-platform, as some Objective-C code does) -(NSString*)sha256HashFor:(NSString*)input { const char* str = [input UTF8String]; unsigned char result[CC_SHA256_DIGEST_LENGTH]; CC_SHA256(str, strlen(str), result); NSMutableString *ret = [NSMutableString stringWithCapacity:CC_SHA256_DIGEST_LENGTH*2]; for(int i = 0; i<CC_SHA256_DIGEST_LENGTH;

I came across this statement Do not use "forgotten password" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identity information until the correct password has been provided. Can someone clarify why forgotten passwords are a risk? I plan to handle it by sending the user a link in their email to reset the password, but will not provide them with the old password (since it's hashed anyway), and

How is bcrypt stronger than, say, def md5lots(password, salt, rounds): if (rounds < 1) return password else newpass = md5(password + salt) return md5lots(newpass, salt, rounds-1) I get the feeling, given its hype, that more intelligent people than me have figured out that bcrypt is better than this. Could someone explain the difference in 'smart layman' terms? There are three significant differences between bcrypt and hashing multiple times with MD5: The size of the output: 128-bit (16-bytes) for MD5 and 448 bits (56-bytes) for bcrypt. If you store millions of hashes in a database, this has to

I'm using emacs tramp mode to remotely edit files over ssh. The problem is that every time I save the file I'm editing I have to enter my user password. I find that very annoying. How can I write my password only once / editing session? Ah, from the tramp docs on password caching you can set: (setq password-cache-expiry nil) which requires the package password-cache.el . Also, in the tramp sources, it mentions reading the ssh-agent(1) man page, which shows how to set it up so that you don't have to re-enter passwords (inside, or outside of Emacs): There are two main ways to get an agent set up

For the purpose of a new web app, I would need on my sign up page (which is administrator only) just only one email field. The thing is that I'm totally new at rails and so even basics things like that are for me really difficult... I created my authentification using Railscast #270 which uses has_secure_password method. For now, everything works great except that I dont need all this bullcrap... I also want to use Action Mailer to send the generated password to his email adress. A hex(8) password would be perfect (I have seen SecureRandom but it seems to be depreciated) Users_Controller: