passwords

问题 Hi I have a list of few hundred hosts. I want to run a command using ssh in a loop, if my ssh keys are set properly, then I execute a command if I get challenge for password I want to skip to the next host So lets say I have hosta and hostb and hostc. I can do a ssh to hosta & hostc , but hostb is challenging me for password. Is there a way to check if a hosts will challenge me for password or not? So my logic would be if I get challenge from $host; then skip host else ssh $host 'command' fi

问题 I am looking for a open source component that can estimate strength of a password. Searching the web, I found this very interesting: https://github.com/lowe/zxcvbn (and for more details about it: https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/). What impressed me was the ability to analise the given password comparing to "common passwords, common American names and surnames, common English words, and common patterns like dates, repeats (aaa), sequences (abcd),

问题 After the linkedin password hash leak, I've been looking at our password hashing. We using Django 1.4 which uses PBKDF2, which is great and a step up from the previous SHA1. However I'm curious how easily one could brute force that. I'm looking at our password complexity rules, and am wondering how fast it'd take to do (say) 8 length lower case ascii letters. This guide to cracking the LinkedIn password hash, has someone doing 430 million sha1 hashes per second on a GPU. http://erratasec

问题 Months ago, I installed an Odoo server and it worked perfectly ! Problem is that I forgot the identification (email/pass) for the admin, wich is real bad. After uninstalling the server and reinstalling it I found out that the database was not wiped. So it didn't change at all ! Please, can anyone help me finding the admin's email and password ? I'm not very familiar with progresql but res_users displays empty passwords: 回答1: You may change admin password using progresql from the terminal. You

问题 User System and Passwords: I was looking through MD5 stuff, and I am wondering what is the normal/good practice for passwords. Right now, I think people super encrypt the passwords and store the hashes. If so, how does password checking work? I just have the input password go through the encryption process again and then check the hash with the stored one, correct? This question may contradict the above, but should my salt ever be a randomly generated value? If so, when may it be useful? Edit

问题 The function password_verify() in the new PHP password API checks if the password corresponds to the hash. The hash is generated by password_hash(), that by default uses a random salt and a cost = 10 . I always thought (although I never studied it) that you have to store the salt inside the database and then when you want to verify the password, hash it with the given salt using the same cost. How can password_verify() check the password without knowing salt and cost? 回答1: The string returned

问题 For the purpose of a new web app, I would need on my sign up page (which is administrator only) just only one email field. The thing is that I'm totally new at rails and so even basics things like that are for me really difficult... I created my authentification using Railscast #270 which uses has_secure_password method. For now, everything works great except that I dont need all this bullcrap... I also want to use Action Mailer to send the generated password to his email adress. A hex(8)

问题 I can't get rid of unwanted placeholder (or watermark) on password textbox. When password textbox is focused, Android web browser displays placeholder overtaken from associated label element, like this: HTML source: <form method="post"> <label for="userName">Login name:</label> <input id="userName" name="userName" type="text" value="" /> <label for="password">Password:</label> <input id="password" name="password" type="password" /> <input type="submit" id="submit" name="submit" value="Log In"

问题 After reading about salts password hashing Id like to implement a simple version for an admin area to a site Im building. If you have any good links with code that have implemented this idea well, I would appreciate it if you could share. Thanks, 回答1: Registration process: User enters a password. System generates a salt value from random data (could be a hash of the time & PID or something). Systems generates a hash value of the password & salt value and stores both of these in the

问题 I try to usung devise in my rails app. But i don't understand how can i give user functionality to change his password. I need a form with fields "old password", "new password" and "new password confirmation". How can i do it? If i use default devise form on "/profile" page <%= render :template => 'devise/passwords/edit', :locals => { :resource => my_user_model_variable, :resource_name => my_user_model_name } %> In user.rb contain line attr_accessible :email, :password, :password_confirmation