Search Results

Search found 15110 results on 605 pages for 'master password'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 24/605 | < Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >

  • Master Degree in MIS for computer science student

    - by tnhan07
    I'm junior student in computer science. After taking half of my major related courses, I found that I don't like this theoretical side of IT. As a result, I decided that I would devote my career to CIS/MIS because it is more interesting. However, some veteran programmers in this forum said that having a strong computer science foundation would help much for CIS. Therefore, I think it's better for me to complete my CS degree then have a Master Degree in MIS than have a minor in MIS. After some internet searching, I found that top universities(in my reach) offering master degree in CIS/MIS are all business schools, is there any obstacle for a CS student who lacks of business knowledge like me if I study in these schools? Do you have any advice for me?

    Read the article

  • Google I/O 2012 - A Master Class in Map Styling

    Google I/O 2012 - A Master Class in Map Styling Scott Shawcroft, Jonah Jones Custom Styled Maps allow developers to customize the look and feel of the underlying Google Maps tiles. This makes it really easy to make a great looking map. You can tailor your map to your message, to your color scheme, or to help emphasize your data. In this class, master maps designers will help you build beautiful, elegant styles that make your maps work for you. For all I/O 2012 sessions, go to developers.google.com From: GoogleDevelopers Views: 23 0 ratings Time: 38:21 More in Science & Technology

    Read the article

  • how to really master a programming language

    - by cprogcr
    I know that learning a language, you can simply buy a book, follow the examples, and whenever possible try the exercises. But what I'm really looking is how to master the language once you've learned it. Now I know that experience is one major factor, but what about learning the internals of the language, what is the underlying structure, etc. There are articles out there saying read this book, read that book, make this game and that game. But to me this doesn't mean to master a language. I want to be able to read other people's code and understand it, no matter how hard that is. To understand when to use a function and when another, etc etc. The list could go on and on but I believe I've made the point. :) And finally, take whatever language as an example if needed, though best would be if C was taken as an example.

    Read the article

  • How to install Adobe Master Collection CS6 in Ubuntu 12.10

    - by Shadow
    I have Dell Inspiron 1545 Laptop with Windows 7 installed on it.Also I have installed Ubuntu 12.10 on a separate drive.I want to install Adobe Master Collection CS6 on Ubuntu 12.10.I tried using wine but what wine does is,it just installs the software & doesn't allow me to use it.While I click on any Adobe product say Adobe Photoshop & hit enter to run it it pops out an error message. How should I tackle this?Is there any other software apart from virtual Machine Ware or Wine to install & successfully run Adobe Master Collection CS6 in Ubuntu 12.10?

    Read the article

  • SCRUM PREREQUISITES [closed]

    - by Ranna
    I have just started working as scrum-master for a small team. I am new for it. I have following doubts in my mind. I just wanted to know what are the pre-requisites that scrum-master should take care of? Why a scrum is called empirical process ? Do SCRUM only applies to a IT department related product planning ? How one can split User-Stories into sub-userstories ? And do scrum-master is responsible for that ? Is there any eligibility for being a scrum-master ? How one can acheive scrum-certification? Thanks in advance.

    Read the article

  • How can I really master a programming language?

    - by cprogcr
    I know that learning a language, you can simply buy a book, follow the examples, and whenever possible try the exercises. But what I'm really looking is how to master the language once you've learned it. Now I know that experience is one major factor, but what about learning the internals of the language, what is the underlying structure, etc. There are articles out there saying read this book, read that book, make this game and that game. But to me this doesn't mean to master a language. I want to be able to read other people's code and understand it, no matter how hard that is. To understand when to use a function and when another, etc etc. The list could go on and on but I believe I've made the point. :) And finally, take whatever language as an example if needed, though best would be if C was taken as an example.

    Read the article

  • Master Data Management - The Trend Towards Multi-Domain and Other Realities

    - by Mala Narasimharajan
    In my quest to keep my fingers on the pulse of MDM, I recently found a pretty interesting article.  The article was published in Information Week and provides some interesting statistics from a recent survey conducted by the analyst firm, The Information Difference.  Let's take a look: Of the 130 organizations surveyed, 53% have live operational MDM implementations 81% of those with live operational MDM implementations report broad success - a huge improvement over 2011's 54% 64% developed a business case prior to their MDM deployment, while a daring 32% went ahead without a business case.    The article goes on to talk about the shift in vendors from focusing on customer data and product information management to one that is oriented around multi-domain master data management as well as other realities around MDM.  Take a look at the article. For more information on Oracle's master data management suite, click here. 

    Read the article

  • Hadoop:Only master node does the work

    - by user287722
    I've setup a Hadoop 2.2 cluster with 1 master node(namenode and secondary namenode) and 3 slave nodes(datanode and namenode on each one).All of the machines use Linux Mint 64bit. When I run my MapReduce program, writen in Java, I can only see that master node is using extra CPU and RAM. Slave nodes are not doing a thing. I've checked the logs from all of the namenodes and there is nothing wrong with the namenodes on slave nodes. Resource Manager is running and all of the slave nodes can see the Resource Manager. I used this http://n0where.net/hadoop-2-2-multi-node-cluster-setup/ tutorial to configure my nodes. Datanodes are working in terms of distributed data storing but I can't see any indication of distributed data processing. Do I have to configure the xml configuration files in some other way so all of the machines will process data while I'm running my MapReduce Job?

    Read the article

  • Creating ASP.NET 3.5 Admin Pages using a Query String in a Master Page

    This is the continuation of part one which ran on Tuesday of last week. After deleting the styles lt style type= text css gt in the head section of MasterPage.master you will need to create an external CSS to solve the relative URL problems in the website. This will ensure that the background images and links work according to the master page design. This article will explain how to do this and more.... Comcast? Business Class - Official Site Learn About Comcast Small Business Services. Best in Phone, TV & Internet.

    Read the article

  • Club Platinum 2010 ??! ~???:???????~

    - by Urakawa
    ?????Platinum Club??????????Platinum Club???ORACLE MASTER Platinum??????????????????????????????????????Platinum Club?????????????Club Platinum?(????????)????5?19??????????!   ??????Oracle Database?????????????????????????? ?????????? ?????????? ?????? ?? ???????????Platinum????????????????????????? ???????????????????3?????????(?????????? ?? ????? ????? ?????????????!)????Oracle?????! DB????????Oracle Database/Exadata ??7???????????3???????!?????????????????????????????? ???????Oracle Database 11g R2?????????ASM????????????(ACFS)???RAC One Node??????????????????????????USB???????????ACFS???????????!????????!????????!?????????????????????   ???????Oracle Exadata??Exadata Smart Flash Cache???Data Loading?????US?Oracle Corporation???????????????????????Smart Flash Cache??????DB?Flash Cache?????Data Loading????????????????????????????????????!??Tips???!?????????????????????????????????????????????????Oracle??????????????????????????!Oracle?????? Inside the Oracle Optimizer Kevin Closson's Oracle Blog   ???????????Oracle Exadata??Exadata Smart Scan???Exadata Hybrid Columnar Compression?????????????????????????????????????????????????????????????????????·?????????????IT?????????????????????????????????????????????????Oracle Database 11g: Real-Time SQL Monitoring?SQL Monitor active report?????????????!?????????   ????????!???????????????!????????????????????Platinum Club????????????????????????????Oracle Exadata??????????????????????????????????????????????????????m(_ _)m?????? Oracle Database 11g R2 ??????(PDF) (Platinum Club????)   ???????ORACLE MASTER??????????ORACLE MASTER?????????????????? ??????? ?????????????????ORACLE MASTER???update????????????Oracle Exadata?????????????!?Oracle Database 11g???????????????ORACLE MASTER Expert????Oracle E-Business Suite???DBA??????????????????????????????????????????Blog????????????????????????????   ????1????????????????????????????????Platinum of the Year????!~???~

    Read the article

  • Old operational master still thinks it is the "one"

    - by Doug
    Hi there, I have a domain with 3 AD servers for now i'll just call them: AD01 (Win 2008 GC, Operations master) AD02 (Win 2008 GC) AD03 (Win 2003 GC) A couple of months there was some hardware issues with AD01 so the operations master, PDC and Infrastructure Master was moved to AD02. All machines where on while this was happening. AD01 (Win 2008 GC) AD02 (Win 2008 GC, Operations master) AD03 (Win 2003 GC) AD01 was then shutdown for a month. Upon starting this machine up with replaced hardware (NIC and RAID card) i now have a weird problem. AD01 Thinks it is operations master still in AD on the local box AD02 & AD03 Thinks AD02 is operations master in AD on both boxes When running DCDIAG on AD01 i get a number of issues (listed below) When running "dcdiag /test:advertising" on AD01: Doing primary tests Testing server: Default-First-Site-Name\AD01 Starting test: Advertising Warning: DsGetDcName returned information for \\ad02.domain.local, when we were trying to reach AD01. SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE. ......................... AD01 failed test Advertising Running partition tests on : ForestDnsZones Running partition tests on : DomainDnsZones Running partition tests on : Schema Running partition tests on : Configuration Running partition tests on : domain Running enterprise tests on : domain.local When running "dcdiag" on AD01 i get the following errors (excerpt of the Final output): Testing server: Default-First-Site-Name\AD01 Starting test: Advertising Warning: DsGetDcName returned information for \\ad02.domain.local, when we were trying to reach AD01. SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE. ......................... AD01 failed test Advertising Starting test: FrsEvent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. Starting test: NCSecDesc Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=domain,DC=local Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=domain,DC=local Starting test: Replications [Replications Check,Replications Check] Inbound replication is disabled. To correct, run "repadmin /options AD01 -DISABLE_INBOUND_REPL" [Replications Check,AD01] Outbound replication is disabled. To correct, run "repadmin /options AD01 -DISABLE_OUTBOUND_REPL" So the problem appeasr to be that when i moved the operations master, AD01 never got the memo, and now that it's started up, all the other AD servers don't think its the boss anymore when it trys to replicate etc. So i really need to manually update AD01 so that it knows who the operations master, instrastructure and PDC is - but i'm not having any luck I've been googling for nearly a day and all solutions lead to "the cake is a lie" Your ninja skills will be greatly appreciated

    Read the article

  • How do you change the subdocument location in a Word 2007 master document programmatically?

    - by boost
    We have had the unenviable happen: various master documents refer to sub-documents that are no longer where they used to be due to a directory renaming. Is there a programmatic way of tweaking the HYPERLINK field without losing the master/sub-document relationship? I've got this far ... Sub FixyaLinks() Dim s 'As String Dim i As Long Dim bTrackRevFlag As Boolean Dim bShowRevFlag As Boolean bTrackRevFlag = ActiveDocument.TrackRevisions bShowRevFlag = ActiveDocument.ShowRevisions ActiveDocument.TrackRevisions = False ActiveDocument.ShowRevisions = False For i = 1 To ActiveDocument.Fields.Count s = ActiveDocument.Fields.Item(i).Code.Text If InStr(s, "CURRICULUM\\NEW") Then s = Replace(s, "NEW Foundation Units-in developing", "Foundation Programme Units") ActiveDocument.Fields.Item(i).Code.Text = s End If Next ActiveDocument.TrackRevisions = bTrackRevFlag ActiveDocument.ShowRevisions = bShowRevFlag End Sub It bombs on ActiveDocument.Fields.Item(i).Code.Text = s, with an error 5686 ("The operation cannot be completed because the Track Changes option in the master document does not match the option the the subdocument. Make the Track Changes option the same in the master document and subdocument.") However, I'm not entirely sure what that means. Ideas anyone?

    Read the article

  • What's a good Java-based Master-Slave communication mechanism?

    - by plecong
    I'm creating a Java application that requires master-slave communication between JVMs, possibly residing on the same physical machine. There will be a "master" server running inside a JEE application server (i.e. JBoss) that will have "slave" clients connect to it and dynamically register itself for communication (that is the master will not know the IP addresses/ports of the slaves so cannot be configured in advance). The master server acts as a controller that will dole work out to the slaves and the slaves will periodically respond with notifications, so there would be bi-directional communication. I was originally thinking of RPC-based systems where each side would be a server, but it could get complicated, so I'd prefer a mechanism where there's an open socket and they talk back and forth. I'm looking for a communication mechanism that would be low-latency where the messages would be mostly primitive types, so no serious serialization is necessary. Here's what I've looked at: RMI JMS: Built-in to Java, the "slave" clients would connect to the existing ConnectionFactory in the application server. JAX-WS/RS: Both master and slave would be servers exposing an RPC interface for bi-directional communication. JGroups/Hazelcast: Use shared distributed data structures to facilitate communication. Memcached/MongoDB: Use these as "queues" to facilitate communication, though the clients would have to poll so there would be some latency. Thrift: This does seem to keep a persistent connection, but not sure how to integrate/embed a Thrift server into JBoss WebSocket/Raw Socket: This would work, but require a lot more custom code than I'd like. Is there any technology I'm missing? Edit: Also looked at: JMX: Have the client connect to JBoss' JMX server and receive JMX notifications for bidirectional comms.

    Read the article

  • How should I ethically approach user password storage for later plaintext retrieval?

    - by Shane
    As I continue to build more and more websites and web applications I am often asked to store user's passwords in a way that they can be retrieved if/when the user has an issue (either to email a forgotten password link, walk them through over the phone, etc.) When I can I fight bitterly against this practice and I do a lot of ‘extra’ programming to make password resets and administrative assistance possible without storing their actual password. When I can’t fight it (or can’t win) then I always encode the password in some way so that it at least isn’t stored as plaintext in the database—though I am aware that if my DB gets hacked that it won’t take much for the culprit to crack the passwords as well—so that makes me uncomfortable. In a perfect world folks would update passwords frequently and not duplicate them across many different sites—unfortunately I know MANY people that have the same work/home/email/bank password, and have even freely given it to me when they need assistance. I don’t want to be the one responsible for their financial demise if my DB security procedures fail for some reason. Morally and ethically I feel responsible for protecting what can be, for some users, their livelihood even if they are treating it with much less respect. I am certain that there are many avenues to approach and arguments to be made for salting hashes and different encoding options, but is there a single ‘best practice’ when you have to store them? In almost all cases I am using PHP and MySQL if that makes any difference in the way I should handle the specifics. Additional Information for Bounty I want to clarify that I know this is not something you want to have to do and that in most cases refusal to do so is best. I am, however, not looking for a lecture on the merits of taking this approach I am looking for the best steps to take if you do take this approach. In a note below I made the point that websites geared largely toward the elderly, mentally challenged, or very young can become confusing for people when they are asked to perform a secure password recovery routine. Though we may find it simple and mundane in those cases some users need the extra assistance of either having a service tech help them into the system or having it emailed/displayed directly to them. In such systems the attrition rate from these demographics could hobble the application if users were not given this level of access assistance, so please answer with such a setup in mind. Thanks to Everyone This has been a fun questions with lots of debate and I have enjoyed it. In the end I selected an answer that both retains password security (I will not have to keep plain text or recoverable passwords), but also makes it possible for the user base I specified to log into a system without the major drawbacks I have found from normal password recovery. As always there were about 5 answers that I would like to have marked correct for different reasons, but I had to choose the best one--all the rest got a +1. Thanks everyone!

    Read the article

  • How can I make my password fields always empty?

    - by ggfan
    I have a form field where users can change their passwords, but if they set their settings to remember passwords, their password shows up. Is there a way to make the field always empty? So that they always have to type their password. <label for="oldpassword" class="styled">Old password:</label> <input type="password" id="oldpassword" name="oldpassword"/><br />

    Read the article

  • --log-slave-updates is OFF but updates received from master are still logged to slave binary log?

    - by quanta
    MySQL version 5.5.14 According to the document, by the default, slave does not log to its binary log any updates that are received from a master server. Here are my config. on the slave: # egrep 'bin|slave' /etc/my.cnf relay-log=mysqld-relay-bin log-bin = /var/log/mysql/mysql-bin binlog-format=MIXED sync_binlog = 1 log-bin-trust-function-creators = 1 mysql> show global variables like 'log_slave%'; +-------------------+-------+ | Variable_name | Value | +-------------------+-------+ | log_slave_updates | OFF | +-------------------+-------+ 1 row in set (0.01 sec) mysql> select @@log_slave_updates; +---------------------+ | @@log_slave_updates | +---------------------+ | 0 | +---------------------+ 1 row in set (0.00 sec) but slave still logs the updates that are received from a master to its binary logs, let's see the file size: -rw-rw---- 1 mysql mysql 37M Apr 1 01:00 /var/log/mysql/mysql-bin.001256 -rw-rw---- 1 mysql mysql 25M Apr 2 01:00 /var/log/mysql/mysql-bin.001257 -rw-rw---- 1 mysql mysql 46M Apr 3 01:00 /var/log/mysql/mysql-bin.001258 -rw-rw---- 1 mysql mysql 115M Apr 4 01:00 /var/log/mysql/mysql-bin.001259 -rw-rw---- 1 mysql mysql 105M Apr 4 18:54 /var/log/mysql/mysql-bin.001260 and the sample query when reading these binary files with mysqlbinlog utility: #120404 19:08:57 server id 3 end_log_pos 110324763 Query thread_id=382435 exec_time=0 error_code=0 SET TIMESTAMP=1333541337/*!*/; INSERT INTO norep_SplitValues VALUES ( NAME_CONST('cur_string',_utf8'118212' COLLATE 'utf8_general_ci')) /*!*/; # at 110324763 Did I miss something?

    Read the article

  • change password code error.....

    - by shimaTun
    I've created a code to change a password. Now it seem contain an error.before i fill the form. the page display the error message: Parse error: parse error, unexpected $end in C:\Program Files\xampp\htdocs\e-Complaint(FYP)\userChangePass.php on line 222 this the code: <?php # userChangePass.php //this page allows logged in user to change their password. $page_title='Change Your Password'; //if no first_name variable exists, redirect the user if(!isset($_SESSION['nameuser'])){ header("Location: http://" .$_SERVER['HTTP_HOST']. dirname($_SERVER['PHP_SELF'])."/index.php"); ob_end_clean(); exit(); }else{ if(isset($_POST['submit'])) {//handle form. require_once('connectioncomplaint.php'); //connec to the database //check for a new password and match againts the confirmed password. if(eregi ("^[[:alnum:]]{4,20}$", stripslashes(trim($_POST['password1'])))){ if($_POST['password1'] == $_POST['password2']){ $p =escape_data($_POST['password1']); }else{ $p=FALSE; echo'<p><font color="red" size="+1"> Your password did not match the confirmed password!</font></p>'; } }else{ $p=FALSE; echo'<p><font color="red" size="+1"> Please Enter a valid password!</font></p>'; } if($p){ //if everything OK. //make the query $query="UPDATE access SET password=PASSWORD('$p') WHERE userid={$_SESSION['userid']}"; $result=@mysql_query($query);//run the query. if(mysql_affected_rows() == 1) {//if it run ok. //send an email,if desired. echo '<p><b>your password has been changed.</b></p>'; //include('templates/footer.inc');//include the HTML footer. exit(); }else{//if it did not run ok $message= '<p>Your password could not be change due to a system error.We apolpgize for any inconvenience.</p><p>' .mysql_error() .'</p>'; } mysql_close();//close the database connection. }else{//failed the validation test. echo '<p><font color="red" size="+1"> Please try again.</font></p>'; } }//end of the main Submit conditional. ?> And code for form: <h1>Change Your Password</h1> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <fieldset> <p><b>New Password:</b><input type="password" name="password1" size="20" maxlength="20" /> <small>Use only letters and numbers.Must be between 4 and 20 characters long.</small></p> <p><b>Confirm New Password:</b><input type="password" name="password2" size="20" maxlength="20" /></p> </fieldset> <div align="center"> <input type="submit" name="submit" value="Change My Password" /></div> </form><!--End Form-->

    Read the article

  • How to manually start and re-start Apache with mod_wsgi powering a password protected Python WSGI app?

    - by Mahmoud Abdelkader
    I'm working on a project where I have to meet some regulatory requirements that require at least 3 out of 5 authorized users to start a backend web service that handles very sensitive information using pre-assigned passwords. Right now, the prototype has been approved and is running using Python's wsgiref.simple_server(), which I have programmed to manually prompt for the passwords. Now that the prototype has been approved, I have to migrate the web application to a production environment where I will need to run it behind Apache and mod_wsgi. I have two questions: Right now, I use a thin Python wrapper around expect to programmatically allow for remote password entry. How do I get Apache to prompt me for a password before starting? Will this have to be in the app.wsgi script that's executed by mod_wsgi? How would that work since Apache daemonizes, and thus, has no stdin! Will I have to worry about some type of code reload? Apache probably has some maximum number of requests before it kills and restarts another worker process, but, would this require a password prompt as well?

    Read the article

  • What's the best way to get a stored POP3 password out of Outlook 2007?

    - by Tom Morris
    If you have a password for a POP3 account in Outlook 2007 (Windows 7 Home Premium) and you then forget the password, how do you retrieve it? I tried copy-and-paste. No go. I downloaded Mail PassView, but upon installing it, AVG said it was malware, so I removed it. I eventually found the account details by opening up RegEdit, and found it in HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ (...) but it was encoded in REG_BINARY. I Googled around and found various Visual Basic routines for decoding it but being a Unix dork I had absolutely no idea what to do with said scripts. By this point, I gave up and managed to get hold of the password by another means (it was written down on a piece of paper in the briefcase of the owner of the account - I know, it makes the inner sysadmin rage). I also attempted to write a simple POP3 server in Python and then get Outlook to log on to it, but that didn't really work out (it was about 4am at that point). For future reference, is there an easy and sensible way of doing this? Is Mail PassView actually evil spyware or was AVG just giving me a false positive? (Any chance of Windows 8 having something like OS X's Keychain?)

    Read the article

  • How can I estimate the entropy of a password?

    - by Wug
    Having read various resources about password strength I'm trying to create an algorithm that will provide a rough estimation of how much entropy a password has. I'm trying to create an algorithm that's as comprehensive as possible. At this point I only have pseudocode, but the algorithm covers the following: password length repeated characters patterns (logical) different character spaces (LC, UC, Numeric, Special, Extended) dictionary attacks It does NOT cover the following, and SHOULD cover it WELL (though not perfectly): ordering (passwords can be strictly ordered by output of this algorithm) patterns (spatial) Can anyone provide some insight on what this algorithm might be weak to? Specifically, can anyone think of situations where feeding a password to the algorithm would OVERESTIMATE its strength? Underestimations are less of an issue. The algorithm: // the password to test password = ? length = length(password) // unique character counts from password (duplicates discarded) uqlca = number of unique lowercase alphabetic characters in password uquca = number of uppercase alphabetic characters uqd = number of unique digits uqsp = number of unique special characters (anything with a key on the keyboard) uqxc = number of unique special special characters (alt codes, extended-ascii stuff) // algorithm parameters, total sizes of alphabet spaces Nlca = total possible number of lowercase letters (26) Nuca = total uppercase letters (26) Nd = total digits (10) Nsp = total special characters (32 or something) Nxc = total extended ascii characters that dont fit into other categorys (idk, 50?) // algorithm parameters, pw strength growth rates as percentages (per character) flca = entropy growth factor for lowercase letters (.25 is probably a good value) fuca = EGF for uppercase letters (.4 is probably good) fd = EGF for digits (.4 is probably good) fsp = EGF for special chars (.5 is probably good) fxc = EGF for extended ascii chars (.75 is probably good) // repetition factors. few unique letters == low factor, many unique == high rflca = (1 - (1 - flca) ^ uqlca) rfuca = (1 - (1 - fuca) ^ uquca) rfd = (1 - (1 - fd ) ^ uqd ) rfsp = (1 - (1 - fsp ) ^ uqsp ) rfxc = (1 - (1 - fxc ) ^ uqxc ) // digit strengths strength = ( rflca * Nlca + rfuca * Nuca + rfd * Nd + rfsp * Nsp + rfxc * Nxc ) ^ length entropybits = log_base_2(strength) A few inputs and their desired and actual entropy_bits outputs: INPUT DESIRED ACTUAL aaa very pathetic 8.1 aaaaaaaaa pathetic 24.7 abcdefghi weak 31.2 H0ley$Mol3y_ strong 72.2 s^fU¬5ü;y34G< wtf 88.9 [a^36]* pathetic 97.2 [a^20]A[a^15]* strong 146.8 xkcd1** medium 79.3 xkcd2** wtf 160.5 * these 2 passwords use shortened notation, where [a^N] expands to N a's. ** xkcd1 = "Tr0ub4dor&3", xkcd2 = "correct horse battery staple" The algorithm does realize (correctly) that increasing the alphabet size (even by one digit) vastly strengthens long passwords, as shown by the difference in entropy_bits for the 6th and 7th passwords, which both consist of 36 a's, but the second's 21st a is capitalized. However, they do not account for the fact that having a password of 36 a's is not a good idea, it's easily broken with a weak password cracker (and anyone who watches you type it will see it) and the algorithm doesn't reflect that. It does, however, reflect the fact that xkcd1 is a weak password compared to xkcd2, despite having greater complexity density (is this even a thing?). How can I improve this algorithm? Addendum 1 Dictionary attacks and pattern based attacks seem to be the big thing, so I'll take a stab at addressing those. I could perform a comprehensive search through the password for words from a word list and replace words with tokens unique to the words they represent. Word-tokens would then be treated as characters and have their own weight system, and would add their own weights to the password. I'd need a few new algorithm parameters (I'll call them lw, Nw ~= 2^11, fw ~= .5, and rfw) and I'd factor the weight into the password as I would any of the other weights. This word search could be specially modified to match both lowercase and uppercase letters as well as common character substitutions, like that of E with 3. If I didn't add extra weight to such matched words, the algorithm would underestimate their strength by a bit or two per word, which is OK. Otherwise, a general rule would be, for each non-perfect character match, give the word a bonus bit. I could then perform simple pattern checks, such as searches for runs of repeated characters and derivative tests (take the difference between each character), which would identify patterns such as 'aaaaa' and '12345', and replace each detected pattern with a pattern token, unique to the pattern and length. The algorithmic parameters (specifically, entropy per pattern) could be generated on the fly based on the pattern. At this point, I'd take the length of the password. Each word token and pattern token would count as one character; each token would replace the characters they symbolically represented. I made up some sort of pattern notation, but it includes the pattern length l, the pattern order o, and the base element b. This information could be used to compute some arbitrary weight for each pattern. I'd do something better in actual code. Modified Example: Password: 1234kitty$$$$$herpderp Tokenized: 1 2 3 4 k i t t y $ $ $ $ $ h e r p d e r p Words Filtered: 1 2 3 4 @W5783 $ $ $ $ $ @W9001 @W9002 Patterns Filtered: @P[l=4,o=1,b='1'] @W5783 @P[l=5,o=0,b='$'] @W9001 @W9002 Breakdown: 3 small, unique words and 2 patterns Entropy: about 45 bits, as per modified algorithm Password: correcthorsebatterystaple Tokenized: c o r r e c t h o r s e b a t t e r y s t a p l e Words Filtered: @W6783 @W7923 @W1535 @W2285 Breakdown: 4 small, unique words and no patterns Entropy: 43 bits, as per modified algorithm The exact semantics of how entropy is calculated from patterns is up for discussion. I was thinking something like: entropy(b) * l * (o + 1) // o will be either zero or one The modified algorithm would find flaws with and reduce the strength of each password in the original table, with the exception of s^fU¬5ü;y34G<, which contains no words or patterns.

    Read the article

  • PHP: Safe way to store decryptable passwords

    - by Jammer
    I'm making an application in PHP and there is a requirement that it must be possible to decrypt the passwords in order to avoid problems in the future with switching user database to different system. What encryption/decryption algorithm would you suggest? Is it good idea to just store the encrypted value and then compare the future authentication attempts to that value? Are the passwords still as safe as MD5/SHA1 when the private key is not available to the attacker (Hidden in USB drive for example)? I should still use salting, right? What encryption libraries should I use for PHP?

    Read the article

  • PAM Winbind Expired Password

    - by kernelpanic
    We've got Winbind/Kerberos setup on RHEL for AD authentication. Working fine however I noticed that when a password has expired, we get a warning but shell access is still granted. What's the proper way of handling this? Can we tell PAM to close the session once it sees the password has expired? Example: login as: ad-user [email protected]'s password: Warning: password has expired. [ad-user@server ~]$ Contents of /etc/pam.d/system-auth: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so account [default=2 success=ignore] pam_succeed_if.so quiet uid >= 10000000 account sufficient pam_succeed_if.so user ingroup AD_Admins debug account requisite pam_succeed_if.so user ingroup AD_Developers debug account required pam_access.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session [default=2 success=ignore] pam_succeed_if.so quiet uid >= 10000000 session sufficient pam_succeed_if.so user ingroup AD_Admins debug session requisite pam_succeed_if.so user ingroup AD_Developers debug session optional pam_mkhomedir.so umask=0077 skel=/etc/skel session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_mkhomedir.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_krb5.so

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >