Search Results

Search found 12796 results on 512 pages for 'password hash'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 19/512 | < Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >

  • Contrary to Python 3.1 Docs, hash(obj) != id(obj). So which is correct?

    - by Don O'Donnell
    The following is from the Python v3.1.2 documentation: From The Python Language Reference Section 3.3.1 Basic Customization: object.__hash__(self) ... User-defined classes have __eq__() and __hash__() methods by default; with them, all objects compare unequal (except with themselves) and x.__hash__() returns id(x). From The Glossary: hashable ... Objects which are instances of user-defined classes are hashable by default; they all compare unequal, and their hash value is their id(). This is true up through version 2.6.5: Python 2.6.5 (r265:79096, Mar 19 2010 21:48:26) ... ... >>> class C(object): pass ... >>> c = C() >>> id(c) 11335856 >>> hash(c) 11335856 But in version 3.1.2: Python 3.1.2 (r312:79149, Mar 21 2010, 00:41:52) ... ... >>> class C: pass ... >>> c = C() >>> id(c) 11893680 >>> hash(c) 743355 So which is it? Should I report a documentation bug or a program bug? And if it's a documentation bug, and the default hash() value for a user class instance is no longer the same as the id() value, then it would be interesting to know what it is or how it is calculated, and why it was changed in version 3.

    Read the article

  • When is it safe to use a broken hash function?

    - by The Rook
    It is trivial to use a secure hash function like SHA256 and continuing to use md5 is reckless behavior. However, there are some complexities to hash function vulnerabilities that I would like to better understand. Collisions have been generated for md4 and md5. According to NIST md5() is not a secure hash function. It only takes 2^39th operations to generate a collision and should never be used for passwords. However SHA1 is vulnerable to a similar collision attack in which a collision can be found in 2^69 operations, where as brute force is 2^80th. No one has generated a sha1 collision and NIST still lists sha1 as a secure message digest function. So when is it safe to use a broken hash function? Even though a function is broken it can still be "big enough". According to Schneier a hash function vulnerable to a collsion attack can still be used as an HMAC. I believe this is because the security of an HMAC is Dependant on its secret key and a collision cannot be found until this key is obtained. Once you have the key used in a HMAC its already broken, so its a moot point. What hash function vulnerabilities would undermine the security of an HMAC? Lets take this property a bit further. Does it then become safe to use a very weak message digest like md4 for passwords if a salt is perpended to the password? Keep in mind the md4 and md5 attacks are prefixing attacks, and if a salt is perpended then an attacker cannot control the prefix of the message. If the salt is truly a secret, and isn't known to the attacker, then does it matter if its a appended to the end of the password? Is it safe to assume that an attacker cannot generate a collision until the entire message has been obtained? Do you know of other cases where a broken hash function can be used in a security context without introducing a vulnerability? (Please post supporting evidence because it is awesome!)

    Read the article

  • Secure method of changing a user's password via Python script/non-interactively

    - by Matthew Rankin
    I've created a Python script using Fabric to configure a freshly built Slicehost Ubuntu slice. In case you're not familiar with Fabric, it uses Paramiko, a Python SSH2 client, to provide remote access "for application deployment or systems administration tasks." One of the first things I have the Fabric script do is to create a new admin user and set their password. Unlike Pexpect, Fabric cannot handle interactive commands on the remote system, so I need to set the user's password non-interactively. At present, I'm using the chpasswd command to change the password. This transmits the password as clear text over SSH to the remote system. Questions Is my current method of setting the password a security concern? Currently, the drawback I see is that Fabric shows the password as clear text on my local system as follows: [xxx.xx.xx.xxx] run: echo "johnsmith:supersecretpassw0rd" | chpasswd. Since I only run the Fabric script from my laptop, I don't think this is a security issue, but I'm interested in others' input. Is there a better method for setting the user's password non-interactively? Another option, would be to use Pexpect from within the Fabric script to set the password. Current Code # Fabric imports and host configuration excluded for brevity root_password = getpass.getpass("Root's password given by SliceManager: ") admin_username = prompt("Enter a username for the admin user to create: ") admin_password = getpass.getpass("Enter a password for the admin user: ") env.user = 'root' env.password = root_password # Create the admin group and add it to the sudoers file admin_group = 'admin' run('addgroup {group}'.format(group=admin_group)) run('echo "%{group} ALL=(ALL) ALL" >> /etc/sudoers'.format( group=admin_group) ) # Create the new admin user (default group=username); add to admin group run('adduser {username} --disabled-password --gecos ""'.format( username=admin_username) ) run('adduser {username} {group}'.format( username=admin_username, group=admin_group) ) # Set the password for the new admin user run('echo "{username}:{password}" | chpasswd'.format( username=admin_username, password=admin_password) ) Local System Terminal I/O $ fab config_rebuilt_slice Root's password given by SliceManager: Enter a username for the admin user to create: johnsmith Enter a password for the admin user: [xxx.xx.xx.xxx] run: addgroup admin [xxx.xx.xx.xxx] out: Adding group `admin' (GID 1000) ... [xxx.xx.xx.xxx] out: Done. [xxx.xx.xx.xxx] run: echo "%admin ALL=(ALL) ALL" >> /etc/sudoers [xxx.xx.xx.xxx] run: adduser johnsmith --disabled-password --gecos "" [xxx.xx.xx.xxx] out: Adding user `johnsmith' ... [xxx.xx.xx.xxx] out: Adding new group `johnsmith' (1001) ... [xxx.xx.xx.xxx] out: Adding new user `johnsmith' (1000) with group `johnsmith' ... [xxx.xx.xx.xxx] out: Creating home directory `/home/johnsmith' ... [xxx.xx.xx.xxx] out: Copying files from `/etc/skel' ... [xxx.xx.xx.xxx] run: adduser johnsmith admin [xxx.xx.xx.xxx] out: Adding user `johnsmith' to group `admin' ... [xxx.xx.xx.xxx] out: Adding user johnsmith to group admin [xxx.xx.xx.xxx] out: Done. [xxx.xx.xx.xxx] run: echo "johnsmith:supersecretpassw0rd" | chpasswd [xxx.xx.xx.xxx] run: passwd --lock root [xxx.xx.xx.xxx] out: passwd: password expiry information changed. Done. Disconnecting from [email protected]... done.

    Read the article

  • Cant install software

    - by user53209
    So I just installed the ubuntu 11.10 .. And when i goto software center and try to download any software(use source).. all i get is a window saying that "Failed to download repository information" , "check your internet connection" and W:Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric_restricted_binary-i386_Packages Hash Sum mismatch , W:Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric_universe_binary-i386_Packages Hash Sum mismatch , W:Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric_multiverse_binary-i386_Packages Hash Sum mismatch , W:Failed to fetch htt p ://archive.ubuntu.com/ubuntu/dists/oneiric/main/i18n/Index No Hash entry in Release file /var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric_main_i18n_Index , W:Failed to fetch http ://archive.ubuntu.com/ubuntu/dists/oneiric/multiverse/i18n/Index No Hash entry in Release file /var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric_multiverse_i18n_Index , W:Failed to fetch htt ://archive.ubuntu.com/ubuntu/dists/oneiric/restricted/i18n/Index No Hash entry in Release file /var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric_restricted_i18n_Index , W:Failed to fetch ht tp://archive.ubuntu.com/ubuntu/dists/oneiric/universe/i18n/Index No Hash entry in Release file /var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric_universe_i18n_Index , W:Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-updates_main_source_Sources Hash Sum mismatch , W:Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-updates_restricted_binary-i386_Packages Hash Sum mismatch , W:Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-updates_universe_binary-i386_Packages Hash Sum mismatch , W:Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-updates_multiverse_binary-i386_Packages Hash Sum mismatch , W:Failed to fetch h tp://archive.ubuntu.com/ubuntu/dists/oneiric-updates/main/i18n/Index No Hash entry in Release file /var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-updates_main_i18n_Index , W:Failed to fetch h ttp://archive.ubuntu.com/ubuntu/dists/oneiric-updates/multiverse/i18n/Index No Hash entry in Release file /var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-updates_multiverse_i18n_Index , W:Failed to fetch ht tp://archive.ubuntu.com/ubuntu/dists/oneiric-updates/restricted/i18n/Index No Hash entry in Release file /var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-updates_restricted_i18n_Index , W:Failed to fetch htt p://archive.ubuntu.com/ubuntu/dists/oneiric-updates/universe/i18n/Index No Hash entry in Release file /var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-updates_universe_i18n_Index , W:Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-backports_main_source_Sources Hash Sum mismatch , W:Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-backports_restricted_binary-i386_Packages Hash Sum mismatch , W:Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-backports_universe_binary-i386_Packages Hash Sum mismatch , W:Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-backports_multiverse_binary-i386_Packages Hash Sum mismatch , W:Failed to fetch h ttp://archive.ubuntu.com/ubuntu/dists/oneiric-backports/main/i18n/Index No Hash entry in Release file /var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-backports_main_i18n_Index , W:Failed to fetch h ttp://archive.ubuntu.com/ubuntu/dists/oneiric-backports/multiverse/i18n/Index No Hash entry in Release file /var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-backports_multiverse_i18n_Index , W:Failed to fetch ht tp://archive.ubuntu.com/ubuntu/dists/oneiric-backports/restricted/i18n/Index No Hash entry in Release file /var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-backports_restricted_i18n_Index , W:Failed to fetch ht tp://archive.ubuntu.com/ubuntu/dists/oneiric-backports/universe/i18n/Index No Hash entry in Release file /var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-backports_universe_i18n_Index , W:Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_oneiric-security_main_source_Sources Hash Sum mismatch , E:Some index files failed to download. They have been ignored, or old ones used instead." Neglect the http typos, its to evade the 2 hyperlink.. I tried making a file in the apt.conf.d folder also, and added proxy entries, also set the system proxy.. and also the "network proxy", but nothing works.. And now I cant install any software!! Help needed

    Read the article

  • Windows Web Server 2008 R2 Server Core local password complexity

    - by Dennis Allen
    How can I disable the local user account password complexity settings on Windows 2008 R2 "Server Core"? I am trying to migrate our windows 2003 web server to windows 2008 R2. I am trying to see if I can use the "Server Core" install, and it has been a very internet search intensive experience. What I can't find out how to do is to find out how to disable password complexity for local user accounts. While our user account generator currently creates nice strong passwords, there was a time when this was not the case and unfortunately forcing the users to change their password is not an option at this time. Any help greatly appreciated. Dennis

    Read the article

  • Changing postgres user password in a master-slave setup

    - by NRS
    We have PITR setup and WAL shipping enabled. We would like to change the password for the user postgres. The process is simple enough. However, since we cannot connect to the SLAVE how would we make sure all passwords are in synch? Would temporarily disabling WAL shipping allow me to connect to the slave to change the password there? I cant seem to find documentation on a clean way to implement this password change and I don't have a test environment.

    Read the article

  • Prevent password leakage while using sql* loader

    - by Jai
    I have shell script calling Sql*loader utility which inturn uses username/password as arguments. This details cannot be stored on server in any form due to security related policies. i got 2 approaches to handle this situation, 1. create hidden parameter file with login details and limit the access to owner. again the implication is i cannot store login data in any format on server 2. Create the user as OS authenticated and straight away login into sql without any userid/password I am not able to figure out risks involved in 2nd approach which u experienced folks could have come across. let me know if there is any other approach to handle password leakage issue

    Read the article

  • Retrieving text from password field [python][pyqt4]

    - by Dr. Johnson
    def welcomeStage (self): self.test = QtGui.QLineEdit (self) self.test.move (50, 150) QtCore.QObject.connect (self.test, QtCore.SIGNAL ('returnPressed()'), self.passwordStage) def passwordStage (self): self.email = self.test.text() self.test.clear() self.test.setEchoMode (QtGui.QLineEdit.Password) QtCore.QObject.connect (self.test, QtCore.SIGNAL ('returnPressed()'), self.loginStage) def loginStage (self): self.pwd = self.test.text() print self.pwd if len (self.pwd) < 0: welcomeStage () return Simply put, I am making a login form. The user enters their email, then the text field is cleared and echo mode is set to Password mode. The text() function returns the email fine, but when I call text() after I have changed the echo mode, it returns 0. I've been pouring over the documentation looking for anything regarding the text() function and how it operates when Password mode is on, however I have not found anything. Does anybody know how this is done?

    Read the article

  • GnuPG Shell Script - Refuses to read password

    - by OopsForgotMyOtherUserName
    The script below used to work on Mac OS X, but, since moving it to Ubuntu, it doesn't seem to read from the password file at all. Even when I run it from the command line, no matter what I do, I get a popup prompt asking me for the password. As this will run via cron, I don't want this to happen... I want it to read the password from the file with no prompt. To note, I did try using passphrase-fd and passphrase-file, neither of which worked... #!/bin/sh p=$(<pass.txt) set -- $p pass_phrase=$1 destination="/var/www/decrypted" cd /var/sl_bin/ for FILE in *.pgp; do FILENAME=${FILE%.pgp} gpg --passphrase "$pass_phrase" --output "$destination/$FILENAME" --decrypt "$FILE" rm -f $FILE done

    Read the article

  • MySQL Password Not Working

    - by 01010011
    Hi, When I enter my password into MySQL Command Line Client, it rejects my password, gives 1 beep and closes the window. Can anyone provide me with a basic troubleshooting list of steps (from simple to progressively more technical) to regain entry into MySQL once and for all. Also, can anyone tell me what can cause my password to suddenly be rejected? I am also running XAMPP and the MySQL service is both installed and running. Thanks in advance. I remember when I first got this problem some months ago, if I recall correctly, I solved it by starting the MySQL service from Windows XP's Administrative Tool (something I did stopped the MySQL service and to this day I don't know what it was). Now the problem has started back again but this time, when I checked Services, the MySQL service was already 'started'. Any assistance will be appreciated. Thanks

    Read the article

  • Password protect web pages on Windows CE 6

    - by Chris
    I am using the default web server for WinCE 6 and wish to password protect certain folders. The default VROOT /remoteadmin/ is password protected, and this works but my configuration doesn't work. I have tried mimicking these settings on my own folders but to little success. Here is how one looks: In the HKLM\Comm\HTTPD\VROOTS key I have created a subkey called /web/configuration (this folder actually exists on the box). The following values are in this key A = 1 DefaultPage = config.html Path = /hard disk/webroot/web/configuration/ UserList = ADMIN This is nigh on identical to the settings in /RemoteAdmin/ but /RemoteAdmin/ requests a password and /web/configuration doesn't (even after reboot).

    Read the article

  • Does Oracle re-hash the driving table for each join on the same table columns?

    - by thecoop
    Say you've got the following query on 9i: SELECT /*+ USE_HASH(t2 t3) */ * FROM table1 t1 -- this has lots of rows LEFT JOIN table2 t2 ON t1.col1 = t2.col1 AND t1.col2 = t2.col2 LEFT JOIN table3 t3 ON t1.col1 = t3.col1 AND t1.col2 = t3.col2 Due to 9i not having RIGHT OUTER HASH JOIN, it needs to hash table1 for both joins. Does it re-hash table1 between joining t2 and t3 (even though it's using the same join columns), or does it keep the same hash information for both joins?

    Read the article

  • How to Access Your Router If You Forget the Password

    - by Chris Hoffman
    Routers protect their web interfaces, where you can configure their networking, parental control, and port forwarding settings, with a username and password. These default passwords can be changed to protect the router’s settings. If you’ve forgotten a router’s password – or if you acquired a used router and don’t know its password – there’s a way to reset the password. You may also be able to forward ports without knowing the password. Image Credit: tnarik on Flickr How to Access Your Router If You Forget the Password Secure Yourself by Using Two-Step Verification on These 16 Web Services How to Fix a Stuck Pixel on an LCD Monitor

    Read the article

  • Weird .htaccess password request that I didn't make...

    - by Dixon Crews
    Okay. So I went on a trip, came back, and suddenly, a website that I was working on is now asking for a username and password á la .htaccess. Thing is, I never made this happen and there is no .htaccess file anywhere to be found. Here is the site: link I didn't buy the template from omegathemes.com, whatever that is. And when you go there, it asks for the same kind of user and password. Any help?

    Read the article

  • Qt - Password field

    - by Narek
    Is there any Qt-built-in method to warn user (with pop-up window) that CapsLock is switched on while password field is active? I am using for passford field QLineEdit (is it good?) with setEchoMode(QLineEdit::Password).

    Read the article

  • Store password temporarily in memory

    - by Nils
    Hello, I'm looking for a way in an Android application to store a password within the memory as long as the application is running (cf. different activities). I was first thinking about the SharedPreferences, but then it's saved in the flash memory, which isn't that good for a password, I guess. I'm unsure, what's the best way. What would you recommend me?

    Read the article

  • SIMPLEST way to set up password protection for a static site, with basic admin UI?

    - by Joseph Turian
    I have a static site. I would like the simplest approach to password protecting a directory, with a basic admin UI for adding/removing users. I will have so few users that I don't care about performance. I don't care if it's PHP or Django or whatever, I just want a complete software package. Apache basic auth isn't good, because you can't log out. Nor is there a UI for adding users. I tried throwing everything behind Django auth and serving the files through Django. However, Chrome treats all my text/css headers as text/plain, so I don't get any stylesheets showing. I can't use mod_xsendfile on my server because I can't reconfigure Apache to add new modules. I think this approach is overkill anyway. I can try configuring Nginx's X-Accel-Redirect, however that requires implementing all the Django code for auth myself, and I'd prefer an existing solution. However, this is my backup plan. Is there a code package that implements authentication with basic admin for a static site?

    Read the article

  • convert password encryption from java to php

    - by Obay
    I'm trying to create a PHP version of an existing JSP program, however I'm stuck at the password encryption part. Could you please tell me how to convert this one? I know it tries to get the md5() but after that, I don't get it. I get lost in the Stringbuffer and for() parts. Can you help me out? public static String encryptPassword( String password ) { String encrypted = ""; try { MessageDigest digest = MessageDigest.getInstance( "MD5" ); byte[] passwordBytes = password.getBytes( ); digest.reset( ); digest.update( passwordBytes ); byte[] message = digest.digest( ); StringBuffer hexString = new StringBuffer(); for ( int i=0; i < message.length; i++) { hexString.append( Integer.toHexString( 0xFF & message[ i ] ) ); } encrypted = hexString.toString(); } catch( Exception e ) { } return encrypted; }

    Read the article

  • Cookies not working for password-protected Pages on WordPress

    - by KaOSoFt
    Initially I had the issue reported in this question. Now, what I noticed is that there are some browsers that accept the password, and there are some which don't. Difference? For some reason the cookie is generated when I log in into the Administration module, but it isn't when I write down the password to access the page, forcing it to simply reload. I can see the cookie created for the log-in, but I can see none for the password-protected Page. These happens on Internet Explorer, both version 7 and 8; only on some machines, though, but most of them fail this. I already tried white-listing the URL, and even letting it accept ALL cookies, to no avail. What may be the cause? If perhaps it's got something to do with question above, please help me! Thanks in advance. PS: If you know of another, cookie-free method to make a simple authentication, please link me to it. Thanks. Oh, and by the way, this is inside an Intranet with static, class C IPs.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >