passwords

I have installed ubuntu 16.04 server. Mysql server was installed by default in it. When I am trying to access the mysql with mysql -u root -p , I am unable to log in to mysql because I dont have the password. Is there any default password? I have also tried with --skip-grant-tables , even this does not work. Even trying to log in with just mysql -u root is a failure. This is what you are looking for: sudo mysql --defaults-file=/etc/mysql/debian.cnf MySql on Debian-base Linux usually use a configuration file with the credentials. Harper Mysql by default has root user's authentication plugin as

Right now, users can edit some their attributes without having to enter their password because my validations are set up like this: validates :password, :presence =>true, :confirmation => true, :length => { :within => 6..40 }, :on => :create validates :password, :confirmation => true, :length => { :within => 6..40 }, :on => :update, :unless => lambda{ |user| user.password.blank? } However, after a user does this, their password is deleted - update_attributes is updating their password to "". Here is my update definition: def update if @user.update_attributes(params[:user]) flash[:success] =

Any best practice on how a reset password token should be constructed? I'm thinking: random 17 characters [a-zA-Z0-9] + a globally unique id + random 17 characters [a-zA-Z0-9]. Is there a better solution, or an industry standard on reset password tokens? martinstoeckli There are some important points to consider. The code should be really random (read from MCRYPT_DEV_URANDOM), and should not be derrived from other user related information. Ideally the code is base62 encoded (A-Z a-z 0-9) to avoid problems with the Url. Store only a hash of the token in the database , otherwise an attacker with

I am using the following methods to create a salted and hashed password from the crypto lib in nodejs: crypto.randomBytes(size, [callback]) crypto.pbkdf2(password, salt, iterations, keylen, callback) For the randomBytes call (creating the SALT) what size should I use? I have heard 128-bit salts, maybe up to 256-bit. It looks like this function uses a size in bytes so can I assume a size of 32 (256 bits) is sufficient? For the pbkdf2 call, what is a good number of iterations and what is a good length for the key (keylen)? Also, for storage I have seen examples of storing the salt, length,

I installed SVN on a Ubuntu machine and I can't get my head around something. Whenever I checkout something from the terminal I get this error about saving a non-encrypted password: ----------------------------------------------------------------------- ATTENTION! Your password for authentication realm: <[...]> Subversion Repository can only be stored to disk unencrypted! You are advised to configure your system so that Subversion can store passwords encrypted, if possible. See the documentation for details. You can avoid future appearances of this warning by setting the value of the 'store

How do you generate passwords? Random Characters? Passphrases? High Ascii? Something like this? cat /dev/urandom | strings Mac OS X's "Keychain Access" application gives you access to the nice OS X password generator. Hit command-N and click the key icon. You get to choose password style (memorable, numeric, alphanumeric, random, FIPS-181) and choose the length. It also warns you about weak passwords. Arul S Use this & thumps up :) cat /dev/urandom | tr -dc 'a-zA-Z0-9-!@#$%^&*()_+~' | fold -w 10 | head -n 1 Change the head count to generate number of passwords. A short python script to

I would like to create a site-wide hash to be used as salt in creating password retrieval tokens. I have been bouncing around stackoverflow trying to get a sense of the best way to do this. Here's the reset process: When a user requests a password reset email the code generates a retrieval token: $token = hash_hmac('sha256', $reset_hash* , $site_hash) *$reset_hash is a hash created using phpass HashPassword() function, saved in the user table. I then send the token in a URL to the users email address. They click before the token times out in an hour. I match their submission with the a