passwords

问题 For security purposes I will encrypt some data, including the user password in my application. My colleagues have chosen scrypt hashing algorithm, for a 64 bytes length, with a fixed seed, then converted to hex. Hashing " A12345678Z " leads to: 25fac84a1cc3a8f6706848d1016cfe7e9d3631691306dcacae68c11c7b54f0bf89e7a7fc51f7fcc19671775acb21c8d928c4c96bb66d915925de58b8b36ab251 Seed is “ HeanpyftAkWilfUd ”. On server, they are using this implementation : https://github.com/ricmoo/pyscrypt Example:

问题 I am creating an application in which user selects files and provides credentials to open that file. For that I have created three columns in a gridview. User enters password in password column. I want to display * in place of characters like we can create a textbox of password type. I have tried this code on GridView_CellClick event : if (GridView.Columns[e.ColumnIndex].HeaderText == "Password") { txtPassword[e.RowIndex] = new TextBox(); txtPassword[e.RowIndex].Name = "txtPassword"+e

问题 I have been tossing around the question of how to store the passwords in my DB for some time now. This is my first time at making a secure application with a web login, so i wanted to set up some good practices. First, i read up on hashing and salting. It seems that the idea is... Get hashing algorithm Get password from user Add 'salt' to plain text password from user hash the entire password (including salt) Store the salt in the db so that you can retrieve it later (for verification of PSWD

问题 I have a RoR application (Rails 4.2, Ruby 2.2.0) running Devise. I have set it up so that admin users (identified the "is_admin" boolean I added to the user model) are able to create new user account, provide them with a generated password and confirmation email. This is all working properly. I have also added the datetime column pass_changed which should be updated when a user changes their password, and then checked against created_at to make sure that the password has changed since the

问题 I have a few SSIS packages that were password-protected (their protection level is apparently EncryptAllWithPassword) by a developer who left the company and can't be reached anymore, and trying to open them gives the following error since the password can't be supplied: Error loading 'Package.dtsx' : Failed to remove package protection with error 0xC0014037 "The package is encrypted with a password. The password was not specified, or is not correct.". This occurs in the CPackage::LoadFromXML

问题 There are many techniques to enforce strong passwords on website: Requesting that passwords pass a regex of varying complexity Setting the password autonomously, so that casual users have a strong password Letting passwords expire etc. On the other hands there are drawbacks, because all of them make life less easy for the user, meaning less registrations. So, what techniques do you use? Which provide the best protection vs. inconvenience ratio? To clear things up, I am not referring to

问题 I have implemented a TextInputLayout with a password field in the usual way: <android.support.design.widget.TextInputLayout android:layout_width="match_parent" android:layout_height="wrap_content"> <EditText android:id="@+id/returning_password" android:layout_width="match_parent" android:layout_height="wrap_content" android:hint="@string/prompt_password" android:inputType="textPassword" android:maxLines="1" android:textSize="14sp" /> </android.support.design.widget.TextInputLayout> This

问题 How is bcrypt stronger than, say, def md5lots(password, salt, rounds): if (rounds < 1) return password else newpass = md5(password + salt) return md5lots(newpass, salt, rounds-1) I get the feeling, given its hype, that more intelligent people than me have figured out that bcrypt is better than this. Could someone explain the difference in 'smart layman' terms? 回答1: There are three significant differences between bcrypt and hashing multiple times with MD5: The size of the output: 128-bit (16

问题 How is bcrypt stronger than, say, def md5lots(password, salt, rounds): if (rounds < 1) return password else newpass = md5(password + salt) return md5lots(newpass, salt, rounds-1) I get the feeling, given its hype, that more intelligent people than me have figured out that bcrypt is better than this. Could someone explain the difference in 'smart layman' terms? 回答1: There are three significant differences between bcrypt and hashing multiple times with MD5: The size of the output: 128-bit (16

问题 I am pretty much weak in creating Regular Expression. So I am here. I need a regular expression satisfying the following. Atleast one numeric value and Atleast one alphabet should be present for the password Minimum 6 Maximum 32 characters should be allowed. 回答1: -(BOOL) isPasswordValid:(NSString *)pwd { if ( [pwd length]<6 || [pwd length]>32 ) return NO; // too long or too short NSRange rang; rang = [pwd rangeOfCharacterFromSet:[NSCharacterSet letterCharacterSet]]; if ( !rang.length ) return