passwords

问题 Are there any django apps for force expiring the password of the user after certain interval like 30 days? I am using djangp's auth and want to extend it or use a community app. What I have tried so far: Added a field to user profile for storing the date of last password updated. Extended the login method to check for this date and redirect the user to password change page. What I am confused about: To block the user accessing the site till the password is changed. User should not be able to

问题 This question already has answers here : Closed 8 years ago . Possible Duplicate: Secure hash and salt for PHP passwords I am making a website, and I need a secure algorithm to store passwords. I was first thinking of bcrypt, but then I found out my host did not support it and I am not able to change host. My host allow this encryption: Standard DES And these hashes: MD5 md2, md4 & md5 sha1, sha256, sha384 & sha512 ripemd128, ripemd160, ripemd256 and ripemd360 whirlpool tiger128,3, tiger160,3

问题 This is the code I use to "hash" (or derive key as called in the PBKDF2 implementation of the PKCS standard) passwords strings with the Rfc2898DeriveBytes class provided in .NET: int saltSize = 256; int iterations = 1000; int keySize = 20; // The parameter I'm not sure of var deriveBytes = new Rfc2898DeriveBytes("mypassword", saltSize, iterations); byte[] salt = deriveBytes.Salt; byte[] key = deriveBytes.GetBytes(keySize); Now, I understand that the salt size doesn't matter much (as long as

问题 I need to regex match a password field using javascript with the following requirements: At least 15 characters two or more lower case letters two or more upper case letters two or more digits two or more of the following special characters: !@#$%^&*- I have a regex that takes care of MOST cases: /^.*(?=.{15,})(?=.{2,}\d)(?=.{2,}[a-z])(?=.{2,}[A-Z])(?=.{2,}[\!\@\#\$\%\^\&\*\-]).*$/ The problem here is with the symbols, it works with: P@ssw0rdP@ssw0rd Pssw0rdPssw0rd@@ Pssw0rd@@Pssw0rd But not:

问题 I'm trying to set AFI password to the SLIX-S tag. I found the command for set password is B3: take a look please (Link here: Page 12). But every time my set password command crash. I think the format of the code line I use is wrong. Is there any way to solve this problem? Thanks a lot for anything can help me. Update: I tried this one sequence of bytes but still can't set password successfully. buffer = nfcv.transceive(new byte[] { 0x00, //flag 0xB3, //set password command 0x04, /

问题 All, Sorry in advance - I'm a novice in most of the topics below (SQL, ASP). Anyway... I've got a pretty simple web app that requires users to log in with a user name and password. The front end creates a salted SHA1 hash of the password, and posts it (along with the user's name) to an ASP page. That ASP page takes the data, calls a stored procedure in the SQL Server database, and passes the users name and hashed password; the stored procedure writes the info to the 'users' table. The

问题 There are lots of replies here on how to prevent password form element autocomplete. My question is should we? According to the UK government; forcing password resets (something we're often asked to do by clients) describes a net-loss in security and it's actively discouraged. According to Mozilla; forcing password autocomplete off also suggests a net-loss in security . The UK .gov website doesn't mention this particular practice. My question: Should I attempt to prevent password autocomplete

问题 I am writing an android password manager application and i want to store the master password somewhere but i don't know where. Should i encrypt the master password that the user gives me with a hard coded password that i choose and then store it to the database? or should i do something else? 回答1: You should never store unencrypted passwords. For passwords, that you can't encrypt safely (because you have to store the decryption key somewhere), you should only store a unreversible hash of it.

问题 This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center. Closed 7 years ago . I need to enforce the following password policy : at least 9 characters, with at least one character from each of the 4 character classes (alphabetic

问题 How do I go about implementing a secure password reset function without sending the user an e-mail? There is another secure bit of information that I store and only the user should know, but it seems insecure to just let the user update a password just because they know a 9 digit number. Note that user data is stored in a simple SQL table due to limitations on real database users on the server I'm working on. Any input would be appreciated. Update: After making an attempt at OpenID and