passwords

I have MD5 hashes of passwords in a database that I want to use against HTTP AUTH DIGEST. But in reading the docs, it looks like the digest hash contains a hash of the username,realm and plaintext password. Is there any way to use the MD5 hash of the password in this situation? No. If the hash they need is generated like so: MD5(username + realm + password) You are out of luck. If they are hashing the password like so: MD5(MD5(password) + username + realm) You'd be able to do that with just the hashed password. But it doesn't sound like that's what's going on. Remus Rusanu No, you have to

Hi I have a list of few hundred hosts. I want to run a command using ssh in a loop, if my ssh keys are set properly, then I execute a command if I get challenge for password I want to skip to the next host So lets say I have hosta and hostb and hostc. I can do a ssh to hosta & hostc , but hostb is challenging me for password. Is there a way to check if a hosts will challenge me for password or not? So my logic would be if I get challenge from $host; then skip host else ssh $host 'command' fi I hope this makes sense. Thanking you in advance for host in host1 host2 host3; do ssh -o

I have a program that uses System.DirectoryServices.AccountManagement.PrincipalContext to verify that the information a user entered in a setup screen is a valid user on the domain (the computer itself is not on the domain) and do some operations on the users of the domain. The issue is I do not want the user to need to enter his or her password every time they run the program so I want to save it, but I do not feel comfortable storing the password as plain-text in their app.config file. PrincipalContext needs a plain-text password so I can not do a salted hash as everyone recommends for

I'm making an application in PHP and there is a requirement that it must be possible to decrypt the passwords in order to avoid problems in the future with switching user database to different system. Consider that it's not possible to modify this future system's password method and I need plain text passwords in order to have the passwords generated. The plan is to encrypt the user's password with a public key that is stored on the server. Authentication is done by encrypting the input and comparing the results. There is NO decryption done. The private key capable of the decryption is stored

I have installed MariaDB on Ubuntu LTS 16.04. Then I have run /usr/bin/mysql_secure_installation and set a root password. Accessing the DB via mysql -u root -p works fine. But checking the status with service mysql status opens a log file with this warning: [Warning] 'user' entry 'root@localhost' has both a password and an authentication plugin specified. The password will be ignored. The questions are: Is this a worry or completely normal? If this is a worry, how can I fix it? It is normal, if by saying "accessing the DB via mysql -u root -p works fine" you mean that you are running it while

I am looking for a open source component that can estimate strength of a password. Searching the web, I found this very interesting: https://github.com/lowe/zxcvbn (and for more details about it: https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/ ). What impressed me was the ability to analise the given password comparing to "common passwords, common American names and surnames, common English words, and common patterns like dates, repeats (aaa), sequences (abcd), and QWERTY patterns." Does anyone know something similar that can be used for an iOS/Mac app? If not,