passwords

问题 I have a friend which is a white hat hacker. He says that md5 is not really that bad and actually is really secure, just if we use it properly. I believe that he is right. As I know, there is 3 ways to break hashes: Using Rainbow tables (Which can be secured against by a long/random salt) Collision (Which can be prevented by multiple salts or hashes - as in example bellow) Generation time (Which is not much important if we use a long enough salt value per each user - AFAIK) I and my friend

问题 I'm doing password based file encryption in Java; I'm using AES as the underlying encryption algorithm and PBKDF2WithHmacSHA1 to derive a key from a salt and password combination using the following code (which I got from another generous poster on this site). SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); KeySpec ks = new PBEKeySpec(password,salt,1024,128); SecretKey s = f.generateSecret(ks); Key k = new SecretKeySpec(s.getEncoded(),"AES"); I share the salt, the

问题 What do I need to do for code in Bash, if I want to echo * s in place of password characters (or even just hide the characters completely) when the user types something in using read ? 回答1: As Mark Rushakoff pointed out, read -s will suppress the echoing of characters typed at the prompt. You can make use of that feature as part of this script to echo asterisks for each character typed: #!/bin/bash unset password prompt="Enter Password:" while IFS= read -p "$prompt" -r -s -n 1 char do if [[

问题 What do I need to do for code in Bash, if I want to echo * s in place of password characters (or even just hide the characters completely) when the user types something in using read ? 回答1: As Mark Rushakoff pointed out, read -s will suppress the echoing of characters typed at the prompt. You can make use of that feature as part of this script to echo asterisks for each character typed: #!/bin/bash unset password prompt="Enter Password:" while IFS= read -p "$prompt" -r -s -n 1 char do if [[

问题 What is the best way to password protect folder using php without a database or user name but using. Basically I have a page that will list contacts for organization and need to password protect that folder without having account for every user . Just one password that gets changes every so often and distributed to the group. I understand that it is not very secure but never the less I would like to know how to do this. In the best way. It would be nice if the password is remembered for a

问题 As per question, is it safe to store passwords on php pages such as $password = 'pa$$w0rd'; If the users can't see it, it's safe, right? EDIT: Some people actually suggested using hash, however, there would be a problem with database server connection password, wouldn't it? 回答1: The short answer is both No, and It Depends. It's almost never a good idea to store passwords in plain text, especially in a web accessible location, if for no other reason than a simple server misconfiguration or an

问题 I came across a discussion in which I learned that what I'd been doing wasn't in fact salting passwords but peppering them, and I've since begun doing both with a function like: hash_function($salt.hash_function($pepper.$password)) [multiple iterations] Ignoring the chosen hash algorithm (I want this to be a discussion of salts & peppers and not specific algorithms but I'm using a secure one), is this a secure option or should I be doing something different? For those unfamiliar with the

问题 Is there any way to change the asterisks ( * ), or in some browsers a bullet ( • ), that appears in password fields in HTML? 回答1: You can't change the password masking character in the standard password field. You can fake it with a textbox, but it makes for a weak security model because you don't get the protection you do from the password textbox. As a side note, it's generally not a good idea to change the behaviour of items like this because users have become used to one form of masking,

问题 We just upgraded our Visual Studio 2008 projects to Visual Studio 2010. All of our assemblies were strong signed using a Verisign code signing certificate. Since the upgrade we continuously get the following error: Cannot import the following key file: companyname.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_3E185446540E7F7A This happens

问题 I just installed MySQL on Mac OS X. The next step was setting the root user password, so I did this next: Launch the terminal app to access the Unix command line. Under the Unix prompt I executed these commands: $ cd /usr/local/mysql/bin $ ./mysqladmin -u root password 'password' But, when I execute the command $ ./mysql -u root , this is the answer: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 224 Server version: 5.5.13 MySQL Community Server (GPL)