passwords

问题 There are many questions on StackOverflow about simple, database-less login systems. I was about to suggest a salted hash approach on a recent one, when I thought: "does it really make sense to do that?". I have been storing salted hashes on databases for years, and I understand why it's more secure: if the database is compromised, the information it contains won't allow anyone to log into my system (unlike if I were storing plain text passwords in the db). But in a setup that does not

问题 The thing is that I have two values which are similar to a username and password, but are actually 2 randomly generated GUID's that users use to login to a website I made - they are not really a username and password, but with the GUIDs I try to replicate this combination. Usually browsers ask you if you want to save the provided login values when seeing the type='password' attribute for an element. However, a type='password' attribute would make typing a GUID in a field rather difficult,

问题 I would like to securely ask a password to a user and then pass it to subprocess.Popen to run a command that requires it. I have seen this question and that one, but I wonder if I can securely pass the password via the subprocess environment like that: import subprocess, os user_password = input("what is you password?") my_env = os.environ.copy() my_env["userpass"] = user_password my_command = "python --version" subprocess.Popen(my_command, env=my_env) Will the password be flushed once the

问题 This may seem trivial, but I can't figure out how to give the password box in this dialog focus. import javax.swing.JOptionPane; import javax.swing.JPasswordField; public class PasswordBox { @SuppressWarnings("unused") public String prompt() { JPasswordField pass = new JPasswordField(10); int action = JOptionPane.showConfirmDialog(null, pass,"Enter Password",JOptionPane.OK_CANCEL_OPTION); return new String(pass.getPassword()); } } I invoke it from other classes like this: String tmpPASS = new

问题 I am writing a class to hash passwords which implements Key Stretching by using the System.Security.Cryptography.Rfc2898DeriveBytes class to generate the keys used to compute the hash value. The code essentially does this: // Higher iterations value results in better key strength var db = new Rfc2898DeriveBytes(password + salt + secretKeyFromConfigFile, saltAsBytes, iterations); byte[] hashKey = db.GetBytes(64); // 64 bytes is the recommended size for the HMACSHA512 class var sha512 = new

问题 I've seen various methods on how to properly salt a password. The basic premise is that you attach a random string to each password before it is hashed and stored. Can I store the salt in the same table as the password? Also, does it matter if the salt is stored as plain text, as long as each entry has a different salt? 回答1: Yes. The idea behind a salt is not that the salt be secret, but that it causes the same password for different users to be hashed differently. This raises the size of

问题 I read several articles and posts about security regarding (note Comparing input password to stored hashed password in a web app or Why is char[] preferred over String for passwords? Since to retrieve a parameter value from request uses request.getParameter("passwordFieldName") which returns a String, is there any option to retrieve a parameter from request as a char[]? 回答1: Unfortunately I know of no way. The request parameters are already loaded, hopefully internally as reused byte[] or

问题 I am doing a project for class where I would like to create a little password login in Android Studio. I want to create something simple and I know how to do it on Java but I don't know how I would go about doing it in this application. I basically want to get up a password box and a button. On down of the button I would like to test the input of the edit text password box to see if it equals the variable. This variable would be set and definite to something like root. I need to find a way to

问题 I am doing a project for class where I would like to create a little password login in Android Studio. I want to create something simple and I know how to do it on Java but I don't know how I would go about doing it in this application. I basically want to get up a password box and a button. On down of the button I would like to test the input of the edit text password box to see if it equals the variable. This variable would be set and definite to something like root. I need to find a way to

问题 I'm using ansible in the following way: ansible-playbook -f 1 my-play-book.yaml --ask-pass --ask-sudo-pass After this I'm asked to enter the ssh & sudo passwords (same password for both). Inside my playbook file I'm using synchronize task: synchronize: mode=push src=rel/path/myfolder/ dest=/abs/path/myfolder/ For each host, I'm prompted to enter the ssh password of the remote host (the same that I entered in the beginning of the playbook run) How can I avoid entering the password when