passwords

问题 I am having a bit little bit of trouble understanding php's crypt function. My PHP version is 5.4.7. I want to use crypt to store salted passwords in the database, because as far as I am told, developers who use md5 to hash passwords are to be staked and burned on the spot. I wanted to use the blowfish alg to generate the hash. Now, according to the php documentation, crypt uses blowfish if you call it with "$2y$" + cost (for instance: "08") + "$" + 22 characters salt ( ./0-9A-Za-z ). However

问题 When connecting to a network share for which the current user (in my case, a network enabled service user) has no rights, name and password have to be provided. I know how to do this with Win32 functions (the WNet* family from mpr.dll ), but would like to do it with .Net (2.0) functionality. What options are available? Maybe some more information helps: The use case is a windows service, not an Asp.Net application. The service is running under an account which has no rights on the share. The

问题 Im trying to write a program that limits the password to three incorrect attempts then exits after 3 incorrect attempts. Here is the code I have thus far. I feel like I am really close to figuring this out but i cannot figure out what to do. #include <fstream> #include <iomanip> #include <iostream> #include <string> #include <cmath> using namespace std; void getPassword() { for(int i = 0; i < 3; i++) { string password; cout << "Enter the password: "; getline(cin, password); if (password ==

问题 I have a simple registration form as follows: <div class ="container form"> <div class="jumbotron form"><h2><i class="fa fa-user-plus" aria-hidden="true"></i> Signup</h2></div> <form action = "/register" method="POST"> <div class="form-group"> <i class="fa fa-user" aria-hidden="true"></i> <label for="username">Username</label> <input type = "text" class = "form-control" placeholder = "Enter username" name="username"> </div> <div class="form-group"> <i class="fa fa-key" aria-hidden="true"></i>

问题 Fact A. Based on Pigeonhole Principle, every hash functions has infinite number of collisions, even if none is found yet. Fact B. Re-hashing a hash, like hash(hash(password)) is not more secure than hash(password), actually hash(hash(password)) open up a collision attack that is not possible with hash(password). Fact C. Based on B, by increasing iterations, we reach a point that most passwords and salts will return same constant hash value. I mean probability of colliding will be high, even

问题 I got AdventureWorks2012 DB from http://msftdbprodsamples.codeplex.com/releases/view/55330 and trying to ValidatePassword from Person.Password table. 'PasswordHash' column description says "Password for the e-mail account." and 'PasswordSalt' column description says "Random value concatenated with the password string before the password is hashed." Here are the sample data from the DB: BusinessEntityID, PasswordHash, PasswordSalt, EmailAddress ---------------- --------------------------------

问题 I'm working on an application that shows information stored on a Liferay database. For doing that I made a web service, using Java, that reads data from the database. All queries are going well but I need a login section. The issue is that the password is encrypted and I don't know how to compare the password given by the user and the passwords I have in the database, that are encrypted. EDIT : passwords.encryption.algorithm has the default value: PBKDF2WithHmacSHA1/160/128000 Any suggestion?

问题 I am working on an automated backup script. This script needs to download an HTTP resource using a username and password. At the moment, the auth credentials are in cleartext, which is obviously not ideal from a security point of view. I recently discovered the security utility on OS X after reading this blog post. security gives you keychain access from the command line. The OS X Keychain allows you to specify applications that are allowed access to a specific password, but it turns out that

问题 I am using this code on the input element: onmouseout=" $('#passwordhelp').text(''); $('#rpassword').attr('type', 'password')" 回答1: You can't change the property type with jquery in the way you are attempting to do it. You're bumping into a browser issue: See JQuery change type of input field 回答2: Are you using jQuery 1.6 or above? If so try .prop(). In your case like this (Example): onmouseout=" $('#passwordhelp').text(''); $('#rpassword').prop('type', 'password')" Though it won't work on

问题 I'm trying to create a custom membership system in ASP.NET MVC3 . I know there are many free and open source providers, but I'm doing this to learn more. My question is about encrypting passwords. Which algorithm do you suggest I use: SHA1 , SHA256 , MD5 , BCrypt , or something else? Also, which way do you suggest to create a password salt? 回答1: BCrypt if you need really strong hash. As far as generating the salt is concerned, you could use the RNGCryptoServiceProvider class. Here's an