password hash - Page 6 - Developer IT

Standard way to hash an RSA key?

- by Adam J.R. Erickson

What's the algorithm for creating hash (sha-1 or MD5) of an RSA public key? Is there a standard way to do this? Hash just the modulus, string addition of both and then take a hash? Is SHA-1 or MD5 usually used? I want to use it to ensure that I got the right key (have the sender send a hash, and I calculate it myself), and log said hash so I always know which exact key I used when I encrypt the payload.

Read the article

Password-free logins using your email address only?

- by Mario

The state of logins is horrendous. With each site having it's own rules for passwords, it can be very hard to remember what variation you used on any given site. Logins are pure pain. One thing I love about Craigslist is that it did away with logins altogether. I know this design may not suit every site, but there's something to their design that beckons to be repeated. OpenID is great on sites that have adopted it, but it's still not standard. Would it be feasible/wise to use an email address as a login and provide no password? The site would send a short-term key directly to your email address. You click on the link and you're in. When you're done, you "logout" and your key is terminated. I've toyed with this idea before. What concerns (i.e. spammers, bots, etc.) would make this impractical or unsafe and could they be overcome?

Read the article

What are the side-effects of disabling the old Lan Manager hash?

- by Bigbio2002

All of the computers in our domain are running Windows XP/Server 2003 and above (with one exception, a Win2Ksp4 server, which is not a domain controller). I intend to disable the LM hashes via group policy as indicated in KB299656, and want to ensure that there won't be any unforseen problems or side-effects. Does anyone have experience with performing this change? Are there any caveats that I should keep in mind?

Read the article

password incorrect 3 times + suspected failed update

- by Cheese

I have been lurking your site for the past few hours, and have found myself in a bit of a pickle. Visiting my parents, I discover that neither computer, nor laptop work. Long story short, I've got the laptop working, but have completely fudged up the computer. I am a n00b, but I was at least willing to give it a go. The comp originally had ubuntu 11.10 installed, later updated to 12.04. We have cds for both. I do not understand what the initial problem was for my parents, but somehow when I turned on the computer, it worked for me. Soon after, I was nagged to install the latest updates. So, I spent the next half an hour wondering why the updates kept on asking for 11.04 cdroms, until I realised that you could turn off the cdrom necessity. After doing this via console, I installed some of the smaller updates, before being told to do a partial update. This failed a few times, and ended up freezing whilst reinstalling drivers. After a hard restart I continued to type whatever I could find on the forum into the console. At some point, the console started saying that I had 3 incorrect password inputs, and sudo commands stopped altogether. I found another thread discussing this; but people kept on suggesting changing passwords (which I did to no avail) or other things that made use of sudo (which I am locked out of, although I am technically the admin) I found myself somehow on the Ctrl+Alt+F1 console, and after being utterly confused (and Ctrl+AltF5 failing for me), another hard reset occurred. Somewhere along the way I created a USB start up for 14.04, (but this does not seem to work) Now I am left with an admin (and guest) account that log in but have blank screens (with only the desktop background showing) and I can't do anything in the console because I'm locked out. Interestingly, the console now says that I am running 14.04 although all updates said they had failed. Aside from the obvious lessons I have learnt (don't fiddle about in the console when you have no idea what you're doing "Dog wearing safety glasses "I have no idea what I am doing" GIF would be inserted here ) Is there any way I can redeem this almighty muck up? A million thanks for any help!

Read the article

[Sql-Server]what data type to use for password salt and hash values and what length?

- by Pandiya Chendur

I am generating salt and hash values from my passwords by using, string salt = CreateSalt(TxtPassword.Text.Length); string hash = CreatePasswordHash(TxtPassword.Text, salt); private static string CreateSalt(int size) { //Generate a cryptographic random number. RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); byte[] buff = new byte[size]; rng.GetBytes(buff); // Return a Base64 string representation of the random number. return Convert.ToBase64String(buff); } private static string CreatePasswordHash(string pwd, string salt) { string saltAndPwd = String.Concat(pwd, salt); string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile( saltAndPwd, "sha1"); return hashedPwd; } What datatype you would suggest for storing these values in sql server? Any suggestion... Salt:9GsPWpFD Hash:E778AF0DC5F2953A00B35B35D80F6262CDBB8567

Read the article

Password Policy seems to be ignored for new Domain on Windows Server 2008 R2

- by Earl Sven

I have set up a new Windows Server 2008 R2 domain controller, and have attempted to configure the Default Domain Policy to permit all types of passwords. When I want to create a new user (just a normal user) in the Domain Users and Computers application, I am prevented from doing so because of password complexity/length reasons. The password policy options configured in the Default Domain Policy are not defined in the Default Domain Controllers Policy, but having run the Group Policy Modelling Wizard these settings do not appear to be set for the Domain Controllers OU, should they not be inherited from the Default Domain policy? Additionally, if I link the Default Domain policy to the Domain Controllers OU, the Group Policy Modelling Wizard indicates the expected values for complexity etc, but I still cannot create a new user with my desired password. The domain is running at the Windows Server 2008 R2 functional level. Any thoughts? Thanks! Update: Here is the "Account policy/Password policy" Section from the GPM Wizard: Policy Value Winning GPO Enforce password history 0 Passwords Remembered Default Domain Policy Maximum password age 0 days Default Domain Policy Minimum password age 0 days Default Domain Policy Minimum password length 0 characters Default Domain Policy Passwords must meet complexity Disabled Default Domain Policy These results were taken from running the GPM Wizard at the Domain Controllers OU. I have typed them out by hand as the system I am working on is standalone, this is why the table is not exactly the wording from the Wizard. Are there any other policies that could override the above? Thanks!

Read the article

Is there a way to prevent password expiration when user has no password?

- by Eric DANNIELOU

Okay, we all care about security so users should change their passwords on a regular basis (who said passwords are like underwear?). On redhat and centos (5.x and 6.x), it's possible to make every real user password expires after 45 days, and warn them 7 days before. /etc/shadow entry then looks like : testuser:$6$m8VQ7BWU$b3UBovxC5b9p2UxLxyT0QKKgG1RoOHoap2CV7HviDJ03AUvcFTqB.yiV4Dn7Rj6LgCBsJ1.obQpaLVCx5.Sx90:15588:1:45:7::: It works very well and most users often change their passwords. Some users find it convenient not to use any password but ssh public key (and I'd like to encourage them). Then after 45 days they can't log in as they forgot their password and are asked to change it. Is there a way to prevent password expiration if and only if password is disabled? Setting testuser:!!:15588:1:45:7::: in /etc/shadow did not work : testuser is asked to change his password after 45 days. Of course, setting back password expiration to 99999 days works but : It requires extra work. Security auditors might not be happy. Is there a system wide parameter that would prompt the user to change expired password only if he really has one ?

Read the article

What is meant by "no password set" for root account (and otthers)?

- by MMA

Several years back, we were more accustomed to changing to the root account using the su command. First, we switched to the root account, and then executed those root commands. Now we are more accustomed to using the sudo command. But we know that the root account is there. We can readily find the home directory of user root. $ ls -ld /root/ drwx------ 18 root root 4096 Oct 22 17:21 /root/ Now my point is, it is stated that "the root password in Ubuntu is left unset". Please see the answers to this question. Most of the answers have something to this effect in the first paragraph. One or two answers further state that "the account is left disabled". Now my (primary) questions are, What is meant by an unset password? Is it blank? Is it null? Or something else more cryptic? How does the account becomes enabled once I set password for it? (sudo password root) In order get a better understanding, I checked the /etc/shadow file. Since I have already set a password for the root account, I can no longer see what is there (encrypted password). So, I created another account and left it disabled. The corresponding entry in the /etc/shadow file is, testpassword:!:16020:0:99999:7::: Now perhaps my above queries need to be changed to, what does an ! in password field mean? Other encrypted passwords are those very long cryptic strings. How come this encrypted form is only one character long? And does an account become disabled if I put an ! in the (encrypted) password field?

Read the article

reference to specific hash key

- by dave

How do I create a reference to the value in a specific hash key. I tried the following but $$foo is empty. Any help is much appreciated. $hash->{1} = "one"; $hash->{2} = "two"; $hash->{3} = "three"; $foo = \${$hash->{1}}; $hash->{1} = "ONE"; #I want "MONEY: ONE"; print "MONEY: $$foo\n";

Read the article

Oracle Hash Cluster Overflow Blocks

- by Andrew

When inserting a large number of rows into a single table hash cluster in Oracle, it will fill up the block with any values that hash to that hash-value and then start using overflow blocks. These overflow blocks are listed as chained off the main block, but I can not find detailed information on the way in which they are allocated or chained. When an overflow block is allocated for a hash value, is that block exclusively allocated to that hash value, or are the overflow blocks used as a pool and different hash values can then start using the same overflow block. How is the free space of the chain monitored - in that, as data is continued to be inserted, does it have to traverse the entire chain to find out if it has some free space in the current overflow chain, and then if it finds none, it then chooses to allocate a new block?

Read the article

From string to hex MD5 hash and back

- by Pablo Fernandez

I have this pseudo-code in java: bytes[] hash = MD5.hash("example"); String hexString = toHexString(hash); //This returns something like a0394dbe93f bytes[] hexBytes = hexString.getBytes("UTF-8"); Now, hexBytes[] and hash[] are different. I know I'm doing something wrong since hash.length() is 16 and hexBytes.length() is 32. Maybe it has something to do with java using Unicode for chars (just a wild guess here). Anyways, the question would be: how to get the original hash[] array from the hexString. The whole code is here if you want to look at it (it's ~ 40 LOC) http://gist.github.com/434466 The output of that code is: 16 [-24, 32, -69, 74, -70, 90, -41, 76, 90, 111, -15, -84, -95, 102, 65, -10] 32 [101, 56, 50, 48, 98, 98, 52, 97, 98, 97, 53, 97, 100, 55, 52, 99, 53, 97, 54, 102, 102, 49, 97, 99, 97, 49, 54, 54, 52, 49, 102, 54] Thanks a lot!

Read the article

trying to set and use a password via commandline using ultraVNC on windows server 2003 vnc

- by mustafa

Okay, so I installed ultravnc on windows server 2003. It uses the ultravnc.i.i file to store password and configuration information. But I'd like to be able to set the password using the command line. There is a tool called vncpwd: http://www.sysworksoft.net/products/vncpwd.html But it's old, and when you use it to change the password, it changes the password in the system registry instead of the ultravnc.ini file. But, you can set ultravnc to use the registry instead of the ini file. Success? No. I set ultravnc to use the registry (which stores the hashed password that I set using vncpwd), but, it still uses the password in the .ini file. does anyone know what gives.

Read the article

Check username password combination in Windows

- by mwolfe02

I have an autohotkey script that maps multiple network drives using a series of net use commands. I enter my password once into an autohotkey inputbox, then run all of the net use commands with the entered password. This works great as long as I enter the correct password. If I mistype my password it runs all the net use commands with an incorrect password and my account ends up locked out. Aside from catching the error code/output from the net use command, is there some other way (through Autohotkey/Windows command-line) to verify the username/password combo is correct before I run it multiple times?

Read the article

how insecure is my short password really?

- by rika-uehara

Using systems like TrueCrypt, when I have to define a new password I am often informed that using a short password is insecure and "very easy" to break by brute-force. I always use passwords of 8 characters in length, which are not based on dictionary words, which consists of characters from the set A-Z, a-z, 0-9 I.e. I use password like sDvE98f1 How easy is it to crack such a password by brute-force? I.e. how fast. I know it heavily depends on the hardware but maybe someone could give me an estimate how long it would take to do this on a dual core with 2GHZ or whatever to have a frame of reference for the hardware. To briute-force attack such a password one needs not only to cycle through all combinations but also try to de-crypt with each guessed password which also needs some time. Also, is there some software to brute-force hack truecrypt because I want to try to brute-force crack my own passsword to see how long it takes if it is really that "very easy".

Read the article

Logging in with a different password than the database password, PHPMyAdmin

- by Andrew M

I am trying to install PHPMyAdmin on my server to manage my MySQL databases. Right now I have only one I want to add, but I would like to be able to manage multiple databases from the same account on PHPMyAdmin. How would I configure PMA so I could login with "andrew" and a password of "examplepassword" instead of the annoyingly long and unchangeable database user and password I am provided (ie. db3483478234, password of random characters)? I can't seem to find an area to specify a different password than the regular database username and password.

Read the article

Cannot change password for user postgres in postgresql

- by dhaval

I have made the following entry in pg_hba.conf local all all trust but still su postgres does not accept blank as password. I am not able to run psql nor pg_ctl for same reason as most of the files are owned by postgres. EDIT1 dhaval@ubuntu:~$ su -c "pg_ctl reload -D template1" Password: su: Authentication failure dhaval@ubuntu:~$ su -c psql Password: su: Authentication failure I am giving the root password above but I guess its expecting "postgres" superuser password. I dont have the same. I need to reset it. EDIt2 dhaval@ubuntu:~$ sudo -i -u postgres [sudo] password for dhaval: postgres@ubuntu:~$ psql Welcome to psql 8.3.7, the PostgreSQL interactive terminal. The above has taken me postgreSQL command prompt. But I am still not sure why the "trust" was not working.

Read the article

How to let users change linux password from web browser?

- by wag2639

I'm not sure if this is a stackoverflow question or serverfault but here goes: I have an Ubuntu 10.04 file server (Samba/FTP/HTTP) and I would like to have the ability to give users the ability to change their password to the server using their web browser. I've written a similar script before using PHP and a mess of exec but I believe that isn't secure because it can be listened to by someone looking at the list of processes on the server. Is there some kind of plugin (PHP or Python or other) that can do this easily? I rather not use something like webmin as it's overkill for this.

Read the article

Is sending a hashed password over the wire a security hole?

- by Ubiquitous Che

I've come across a system that is in use by a company that we are considering partnering with on a medium-sized (for us, not them) project. They have a web service that we will need to integrate with. My current understanding of proper username/password management is that the username may be stored as plaintext in the database. Every user should have a unique pseudo-random salt, which may also be stored in plaintext. The text of their password must be concatenated with the salt and then this combined string may be hashed and stored in the database in an nvarchar field. So long as passwords are submitted to the website (or web service) over plaintext, everything should be just lovely. Feel free to rip into my understanding as summarized above if I'm wrong. Anyway, back to the subject at hand. The WebService run by this potential partner doesn't accept username and password, which I had anticipated. Instead, it accepts two string fields named 'Username' and 'PasswordHash'. The 'PasswordHash' value that I have been given does indeed look like a hash, and not just a value for a mis-named password field. This is raising a red flag for me. I'm not sure why, but I feel uncomfortable sending a hashed password over the wire for some reason. Off the top of my head I can't think of a reason why this would be a bad thing... Technically, the hash is available on the database anyway. But it's making me nervous, and I'm not sure if there's a reason for this or if I'm just being paranoid.

Read the article

Unable to retrive open-id password wheras able to login via gmail only???

- by diEcho

Hello All, I have two OPEN-ID accounts referenced with same gmail address, now i forget one of my Open ID account's password and when i tried to recover my password then the mail sent by The MyOpen ID Team having second one open-id account's password change link whereas i need first one open-id password. i tries a lot of times to recover but each time mail having second open-id passord change link so what do i do to recover my first open-id password whereas i m able to login from that open-id via gmail account. i have mailed to open id teams many times already? but no answer?? how do i collect all open ID password reset link referencing same email address??

Read the article

Password protected website

- by danie7L T

I need to add a user authentication page before the actual homepage of the website. In Joomla! I just set the website offline and the offline page loads in place of the homepage but then it's automatically throwing a "503 Service Temporarily Unavailable" error which I would like to avoid. That's why I would like to know the other ways to load an authentication page before the homepage. NB: I'm using Apache servers if that's relevant Thank you

Read the article

Password value on click is not changing the text to 'Password'

- by Sam

Read the article

no administrator password for Windows 7

- by huskergirl78

I'm a secretary and my boss set up my new Windows 7 OptiPlex 7010 (Dell) computer for me while I was on vacation (he does not remember setting any "administrator" password). We are a small office so there is no system password set, either. I've used it for 6 months, all the while I couldn't access network drives, etc., without an administrator password. It was annoying, but I could still get my work done. Finally, on a slow day I took it upon myself to "fix" the problem, and in all my infinite wisdom, I managed to change my user account from administrator to standard user, so now I really can't do anything. I can't download or install any programs, move or rename files, etc. I tried the Dell suggested solution, but the BIOS tells me there is no password set, so it has to be a Windows 7 problem. All the solutions I have come across require an administrator password to let me do them. What can I do to find out the admin password so I can use my own darn computer!? Is there a default admin password?

Read the article

Password hashing, salt and storage of hashed values

- by Jonathan Leffler

Suppose you were at liberty to decide how hashed passwords were to be stored in a DBMS. Are there obvious weaknesses in a scheme like this one? To create the hash value stored in the DBMS, take: A value that is unique to the DBMS server instance as part of the salt, And the username as a second part of the salt, And create the concatenation of the salt with the actual password, And hash the whole string using the SHA-256 algorithm, And store the result in the DBMS. This would mean that anyone wanting to come up with a collision should have to do the work separately for each user name and each DBMS server instance separately. I'd plan to keep the actual hash mechanism somewhat flexible to allow for the use of the new NIST standard hash algorithm (SHA-3) that is still being worked on. The 'value that is unique to the DBMS server instance' need not be secret - though it wouldn't be divulged casually. The intention is to ensure that if someone uses the same password in different DBMS server instances, the recorded hashes would be different. Likewise, the user name would not be secret - just the password proper. Would there be any advantage to having the password first and the user name and 'unique value' second, or any other permutation of the three sources of data? Or what about interleaving the strings? Do I need to add (and record) a random salt value (per password) as well as the information above? (Advantage: the user can re-use a password and still, probably, get a different hash recorded in the database. Disadvantage: the salt has to be recorded. I suspect the advantage considerably outweighs the disadvantage.) There are quite a lot of related SO questions - this list is unlikely to be comprehensive: Encrypting/Hashing plain text passwords in database Secure hash and salt for PHP passwords The necessity of hiding the salt for a hash Clients-side MD5 hash with time salt Simple password encryption Salt generation and Open Source software I think that the answers to these questions support my algorithm (though if you simply use a random salt, then the 'unique value per server' and username components are less important).

Read the article

Strange ruby behavior when using Hash.new([])

- by Valentin Vasilyev

Consider this code: h=Hash.new(0) #new hash pairs will by default have 0 as values h[1]+=1 # {1=>1} h[2]+=2 # {2=>2} that's all fine, but: h=Hash.new([]) #empty array as default value h[1]<<=1 #{1=>[1]} - OK h[2]<<=2 #{1=>[1,2], 2=>[1,2]} # why ?? At this point I expect the hash to be: {1=>[1], 2=>[2]} But something goes wrong. Does anybody know what happens?

Read the article

How to get the top keys from a hash by value

- by Kirs Kringle

I have a hash that I sorted by values greatest to least. How would I go about getting the top 5? There was a post on here that talked about getting only one value. What is the easiest way to get a key with the highest value from a hash in Perl? I understand that so would lets say getting those values add them to an array and delete the element in the hash and then do the process again? Seems like there should be an easier way to do this then that though. My hash is called %words. use strict; use warnings; use Tk; #Learn to install here: http://factscruncher.blogspot.com/2012/01/easy-way-to-install-tk- on-strawberry.html #Reading in the text file my $file0 = Tk::MainWindow->new->Tk::getOpenFile; open( my $filehandle0, '<', $file0 ) || die "Could not open $file0\n"; my @words; while ( my $line = <$filehandle0> ) { chomp $line; my @word = split( /\s+/, lc($line)); push( @words, @word ); } for (@words) { s/[\,|\.|\!|\?|\:|\;|\"]//g; } #Counting words that repeat; put in hash my %words_count; $words_count{$_}++ for @words; #Reading in the stopwords file my $file1 = "stoplist.txt"; open( my $filehandle1, '<', $file1 ) or die "Could not open $file1\n"; my @stopwords; while ( my $line = <$filehandle1> ) { chomp $line; my @linearray = split( " ", $line ); push( @stopwords, @linearray ); } for my $w ( my @stopwords ) { s/\b\Q$w\E\B//ig; } #Comparing the array to Hash and deleteing stopwords my %words = %words_count; for my $stopwords ( @stopwords ) { delete $words{ $stopwords }; } #Sorting Hash Table my @keys = sort { $words{$b} <=> $words{$a} or "\L$a" cmp "\L$b" } keys %words; #Starting Statistical Work my $value_count = 0; my $key_count = 0; #Printing Hash Table $key_count = keys %words; foreach my $key (@keys) { $value_count = $words{$key} + $value_count; printf "%-20s %6d\n", $key, $words{$key}; } my $value_average = $value_count / $key_count; #my @topwords; #foreach my $key (@keys){ #if($words{$key} > $value_average){ # @topwords = keys %words; # } #} print "\n", "The number of values: ", $value_count, "\n"; print "The number of elements: ", $key_count, "\n"; print "The Average: ", $value_average, "\n\n";

Search Results

Search found 12796 results on 512 pages for 'password hash'.

Page 6/512 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13 | Next Page >

- by Adam J.R. Erickson

- by Mario

- by Bigbio2002

- by Cheese

- by Pandiya Chendur

- by Earl Sven

- by Eric DANNIELOU

- by MMA

- by dave

- by Andrew

- by Pablo Fernandez

- by mustafa

- by mwolfe02

- by rika-uehara

- by Andrew M

- by dhaval

- by wag2639

- by Ubiquitous Che

- by diEcho

- by danie7L T

- by Sam

- by huskergirl78

- by Jonathan Leffler

- by Valentin Vasilyev

- by Kirs Kringle

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13 | Next Page >