All Questions

0 votes
3 answers
342 views

Providing password review results to auditors

The IT Security department is getting audited, and the auditor has approached our IT Security team and requested to see results of the password review process, which compares existing database of ...
MadMaxx
3 votes
1 answer
1k views

Are there any known vulnerabilities in LibreOffice password protection for *.odt files?

I was looking for a source to determine the safety of password protection in LibreOffice. The thread at ask.libreoffice.org suggests it's safe to use. However the thread is rather old and it is hosted ...
CuriousIndeed
0 votes
2 answers
454 views

Is this passwordless authentication system less secure than big websites' authentication?

I develop a web and mobile application, managed by my REST API server (SSL with Strict-Transport-Security enabled). I don't believe anymore in the classic login/password authentication method (1)(2)(...
lakano
  • 157
4 votes
1 answer
222 views

Common passwords among servers/web sites on a development platform

I have been involved in a discussion about the use of a standard user name and password within a development environment and would appreciate comments: The single development server holds a number of ...
Linker3000
1 vote
2 answers
252 views

Store password in Public Domain using files and md5sum

Whenever I check integrity of a file using md5sum, I get a string of alphanumeric characters to compare and verify if it was downloaded correctly. Couldn't the concatenation of several of those ...
Calculus Knight
4 votes
2 answers
2k views

Protect password/authenticating during transit over (insecure) TCP socket for a game

Background I am designing a multi-player game with a single server that handles multiple worlds. Each player logs into the server initially before requesting which world to join. The server has a ...
Ashley Davies
8 votes
3 answers
3k views

Is SpiderOak truly “zero-knowledge”?

I've recently changed my SpiderOak password on computer A. Because I have SpiderOak installed on computer B as well, I thought I would have to update the password on it so the application can connect to ...
Viridis
  • 83
6 votes
3 answers
1k views

Websites Forcing Weak Password Standards (Updated) [duplicate]

Please Note: I am not going to name the websites which have these horrible standards for their clients and users. I have had to change my passwords for my routine update just recently in the last few ...
Traven
  • 906
10 votes
5 answers
4k views

Storing Old Password History and Information

Google, Facebook, Twitter, and several other services still know the older passwords which we used on our accounts. At times, I cannot reuse the same password as I have. Then with Google, if I type ...
Traven
  • 906
2 votes
1 answer
13k views

How to crack SHA512 hexdigest passwords with John the Ripper?

I've been playing with John The Ripper (JtR) to try to crack/audit a salted password that was hashed with SHA-512, with 20 interactions according to the source (for the curious, this is a Rails app, ...
edmz
  • 121
5 votes
2 answers
4k views

Finding out whether a website uses unsalted MD5 for password hashing

I'm working on a project where websites are analyzed and rated according to password security (factors like min/max password length, alphabet size and more are then calculated into a score). A great ...
Danilo Bargen
2 votes
3 answers
3k views

Why would you do a password audit

I was thinking last night after reading an article about pen testing and security audits, why would you get a list of all the passwords for the company you are auditing and put them through a piece of ...
OliverBS
  • 435
2 votes
1 answer
341 views

Detecting Key Loggers

We know that key loggers are the most effective and most annoying means of getting compromised over login id/password on the web or any application.... and your whole privacy is breached. Is there ...
Legolas
  • 563