passwords

I want to set up a system where I am allow to migrate encrypted password (hash password), from one system to another. How would i do this? Say 2 month down the line, i found a encryption that is 10 times better and the current hash function has been proven without a doubt, totally vulnerable. How would I go about migrating user password from one type of hash to another (the better one). You can slowly migrate from a method to another using the following technique. I cannot guarantee its quality so please take it with a grain of salt (pun not intended). For example, consider the following table

I need to do this following password validation in Java Must be at least 8 characters in length Must contain at least 1 number Must contain at least 1 upper case letter Must contain at least 1 lower case letter Cannot contain 3 or more consecutive characters from your full name or your username (e.g. If your name is Will you couldn't have the password Stiller458 ) I have the first 4 points, how do I do the last one? Currently I have: String pattern = "^(?=.*[^a-zA-Z])(?=.*[a-z])(?=.*[A-Z])\\S{8,}$"; boolean passwordValidation = originalPassword.matches(pattern); For your 1,2,3,4 case ^(?=.*\d)

I've decided to implement a user login using a per-user salt, stored in the database. The salt is prefixed to a password which is hashed with SHA and stored in the databse. In the past when I wasn't using a salt I would use the typical method of counting the number of rows returned by a query using the user inputted username and password. With a per user salt however, you need to get the salt before you can compare it with the stored password hash. So to avoid having two queries (1 to get the salt and another to validate the input credentials) I decided to get the salt AND the hashed password

I'm an independent developer of a password manager app. What should I do, or what should I implement (interface/API/Service), to make my app an Autofill service provider (in a device with Android Oreo API >= 26)? I have read all kinds of related documentation, but I can't understand how to do this. Am I missing something? At the moment I see that only well-known password managers support this feature: Any hints are welcome. As usual, Google's own examples repository provides a good starting point for learning the Autofill Framework's API, and covers much more material than I can fit into an

I am making an application in Java and I want to allow users to encrypt a file (or folder - I'd zip the directory) using a password of their choice. I currently have the following method(s): static Cipher createCipher(int mode, String password) throws Exception { PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray()); SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); SecretKey key = keyFactory.generateSecret(keySpec); MessageDigest md = MessageDigest.getInstance("MD5"); md.update("input".getBytes()); byte[] digest = md.digest(); byte[] salt = new byte[8]; for

So, I've been playing with asp:PasswordRecovery and discovered I really don't like it, for several reasons: 1) Alice's password can be reset even without having access to Alice's email. A security question for password resets mitigates this, but does not really satisfy me. 2) Alice's new password is sent back to her in cleartext. I would rather send her a special link to my page (e.g. a page like example.com/recovery.aspx?P=lfaj0831uefjc), which would let her change her password. I imagine I could do this myself by creating some sort of table of expiring password recovery pages and sending

For password encryption I want to use ProtectedData . As far as I found out, this is a wrapper for CryptProtectData . The MSDN only states something vague about encryption based on user credentials and that decryption usually must be done on the same machine, if user has no roaming profile. Which encryption algorithm does it use? Is there any analysis that states whether this encryption is suiting for password storage? How else to implement a local password storage? This MSDN article has more information about CryptProtectData and DPAPI , and should contain the information you need. In