Search Results

Search found 18675 results on 747 pages for 'laptop password'.

Page 61/747 | < Previous Page | 57 58 59 60 61 62 63 64 65 66 67 68  | Next Page >

• Can IIS admin change password of Windows Service account

  - by sweta Jha

  We have a service account defined for anonymous access which is used for several web sites hosted on the web server. This account has access to several network resources like report server, file servers and so on. While deploying a new web site, we used the same service account for anonymous access. IIS takes the username/password for the account and then a dialog opens for confirm password. Accidently, we gave a wrong password in both the text boxes, the new site with wrong password is working fine but all other previously hosted sites which were using the service account, started giving the unautorized access error. Is it possible that when we entered wrong password for the new web site, the password of the account got reset and all sites stopped functioning?

  Read the article

• How to read a password encrypted key with java?

  - by Denis

  Hi, This is very simple question. I have private key stored in file in PKCS8 DER format and protected by password. What is the easiest way to read it? Here is the code I use to load unencrypted one: InputStream in = new FileInputStream(privateKeyFilename); byte[] privateKeydata = new byte[in.available()]; in.read(privateKeydata); in.close(); KeyFactory privateKeyFactory = KeyFactory.getInstance("RSA"); PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(privateKeydata); PrivateKey privateKey = privateKeyFactory.generatePrivate(encodedKeySpec); Please, Help!!!

  Read the article

• Design an api using rails and change the forgot password functionality

  - by ragupathi

  I have been using rails for developing web applications and now i need to do design an api for iphone application and since i used respond to json it also produces json but i use devise for authentication in my web application and when i send email and password along with the api it gives out {"user":{"authentication_token":"Lsusyd27ewgasga63","email":"[email protected]"}} and there is forgot password functionality in the iphone app but in the web application when clicking on forgot password button it sends an email to the users email, whereby the user has to go to his mail and click on the link sent and it will take to the change password path and after changing it the user will be login but in this iphone app i want to send the password to the user mail and the user can use that password and login. How can i do this? Also do i have to create new controllers for api or the web application controller is enough if it respond as json? please help me.

  Read the article

• Codeigniter: A nice straight forward tutorial on how to build a reset password/forgotten password?

  - by Psychonetics

  I've built a full sign up system with user account activation, login, validation, captcha etc. To complete this I now need to implement a forgot password/reset password feature.. I have created one function that generates a random password 8 characters, another method that takes that random password word and applies sha1 and hashing. Also one that takes that hashed password and stores it in a table in the database. I will keep these methods to one side as they might come in handy later on but for now I would like to know if anyone can point me to a nice tutorial for creating a password reset feature for my website. Thanks in advance

  Read the article

• How do you do masked password entry on windows using character overwriting?

  - by Erick

  Currently I am using this implementation to hide user input during password entry: void setEcho(bool enable) { HANDLE hStdin = GetStdHandle(STD_INPUT_HANDLE); DWORD mode; GetConsoleMode(hStdin, &mode); if(enable) { mode |= ENABLE_ECHO_INPUT; } else { mode &= ~ENABLE_ECHO_INPUT; } SetConsoleMode(hStdin, mode); } The user needs to be able to have positive feed back that text entry is being made. What techniques are available in a Win32 environment using C++?

  Read the article

• Access denied for user 'root@localhost' (using password:NO)

  - by Nasser Hajloo

  I'm new to mysql, I'm trying to run Wordpress inmy windows desktop and it need Mysql. I install everything with Web Platform Installer which provided by microsoft. I never seta root password for mysql and in final step of installing wordpressit askfor root password of mysql. What is the default password for root (if there is one) and how to change it? I try mysql -u root password '123' but it show me Access denied for user 'root@localhost' (using password:NO) after this I try mysql -u root -p but it ask for a password which I don't have Thank you in advance

  Read the article

• Error comparing hash to hashed mysql password (output values are equal)

  - by Charlie

  Im trying to compare a hashed password value in a mysql database with the hashed value of an inputted password from a login form. However, when I compare the two values it says they aren't equal. I removed the salt to simply, and then tested what the outputs were and got the same values $password1 = $_POST['password']; $hash = hash('sha256', $password1); ...connect to database, etc... $query = "SELECT * FROM users WHERE username = '$username1'"; $result = mysql_query($query); $userData = mysql_fetch_array($result); if($hash != $userData['password']) //incorrect password { echo $hash."|".$userData['password']; die(); } ...other code... Sample output: 7816ee6a140526f02289471d87a7c4f9602d55c38303a0ba62dcd747a1f50361| 7816ee6a140526f02289471d87a7c4f9602d55c38303a0ba62dcd747a1f50361 Any thoughts?

  Read the article

• rails 3.1 partial_updates doesn't seem to work with password

  - by user1306769

  i have a user model with a password attribute, which gets saved as password_digest. What i want to do is have the edit user page and the edit password page separated, so that the admin doesn't need to input the password everytime he needs to change something else. For this i have made an extra action / view. My problem is that when i update the user info, i get password validation errors even though i have no password field in the form. Which leads me to the conclusion that partial_updates isn't working with the password attribute (as i have already tested in the console that it is enabled, and it is) Is this me doing something wrong, or should i approach this differently?

  Read the article

• Can't validate mine, sudo nor root in Debian "Jessie" Gnome anymore?

  - by Janar

  I'm Debian beginner & GUI guy in a bit of trouble? Can't login as sudo/gksu/root/su nor as (main/super)user after removed user password via Gnome-user-settings. History of actions (Probably irrelevant though) Installed Debian "Jessie" GNU/Linux with xFce GUI (en-US) as only OS. HardWare is ThinkPad w510. Skipped root user password in setup, to get sudo for superuser easily. Logged in (as always had) with Gnome (3.4.x), not once with xFCE. (installed Xfce. Installed xFce only to achieve more control (easier management) over packages this way, to set-up gnome much more by mine likes. Added more jessie repros (same ones as in Wheesy stable by default but for Jessie as, Jessie only had repros for security updates by default). Installed lots of gtk(3) & gnome(3) based soft; (- restarted again after this) Installed propietary graphics card driver for mine nvidia quadro. (- restarted once again after that one) Installed more stuff related to mine work/school/devel. The actual problem Had a plan to restart again, but wanted to set up auto-login first, instead set user password to none (don't ask why / perhaps caused by being awake for a looooong time), noticed it, and set also to auto-login, but couldn't undo mine previous mistake to create new password for me. As mine password is set to none I would have expected that simply return in pass prompt for emty password field would do, but it won't authenticate. I tried Alt+F2 "gksu gedit" as well as: sudo wget "https://www.some-page.eu/file.ext" and "su" in terminals, none has applied (quite logical actually - as I'm sudoer and highest ranked super user, besides only user in computer). Current stand Everything worked & still works nice after this accident, besides this password prompts part. To spoked to log-out nor restart. Synaptic package-manager is still open with root rights (only one, that has left open prior to the issue and not closed since, just in case). Goggled for help and read some manuals/faqs/how-tos - mostly lead to sudoers file management, but not found one specifically for mine issue - so still not any smarter. Really hope, that I don't have to redo OS inst all over again, by just one stupid mistake. Thanks for your reply :-)

  Read the article

• PAM with KRB5 to Active Directory - How to prevent update of AD password?

  - by Ex Umbris

  I have a working Fedora 9 system that's set up to authenticate users via PAM - krb5 - Active Directory. I'm migrating this to Fedora 14, and everything works, but it's working too well :-) On Fedora 9, if a Linux user updated their password, it did not propagate to their Active Directory account. On Fedora 14, it is changing their A/D password. The problem is I don't want A/D to be updated. Here's my password-auth-ac: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_krb5.so I tried removing the line password sufficient pam_krb5.so use_authtok But then when attempting to change the Linux password, if they provide their A/D password for the authentication prompt, they get the error: passwd: Authentication token manipulation error What I want to achieve is: Allow authentication with either the A/D or Linux password (the Linux password is a fall-back for certain sysadmin users in case A/D is unavailable for some reason). This is working now. Allow users to change their Linux passwords without affecting their A/D passwords. Is this possible?

  Read the article

• laptop crashed: why?

  - by sds

  my linux (ubuntu 12.04) laptop crashed, and I am trying to figure out why. # last sds pts/4 :0 Tue Sep 4 10:01 still logged in sds pts/3 :0 Tue Sep 4 10:00 still logged in reboot system boot 3.2.0-29-generic Tue Sep 4 09:43 - 11:23 (01:40) sds pts/8 :0 Mon Sep 3 14:23 - crash (19:19) this seems to indicate a crash at 09:42 (= 14:23+19:19). as per another question, I looked at /var/log: auth.log: Sep 4 09:17:02 t520sds CRON[32744]: pam_unix(cron:session): session closed for user root Sep 4 09:43:17 t520sds lightdm: pam_unix(lightdm:session): session opened for user lightdm by (uid=0) no messages file syslog: Sep 4 09:24:19 t520sds kernel: [219104.819975] CPU0: Package power limit normal Sep 4 09:43:16 t520sds kernel: imklog 5.8.6, log source = /proc/kmsg started. kern.log: Sep 4 09:24:19 t520sds kernel: [219104.819969] CPU1: Package power limit normal Sep 4 09:24:19 t520sds kernel: [219104.819971] CPU2: Package power limit normal Sep 4 09:24:19 t520sds kernel: [219104.819974] CPU3: Package power limit normal Sep 4 09:24:19 t520sds kernel: [219104.819975] CPU0: Package power limit normal Sep 4 09:43:16 t520sds kernel: imklog 5.8.6, log source = /proc/kmsg started. Sep 4 09:43:16 t520sds kernel: [ 0.000000] Initializing cgroup subsys cpuset Sep 4 09:43:16 t520sds kernel: [ 0.000000] Initializing cgroup subsys cpu I had a computation running until 9:24, but the system crashed 18 minutes later! kern.log has many pages of these: Sep 4 09:43:16 t520sds kernel: [ 0.000000] total RAM covered: 8086M Sep 4 09:43:16 t520sds kernel: [ 0.000000] gran_size: 64K chunk_size: 64K num_reg: 10 lose cover RAM: 38M Sep 4 09:43:16 t520sds kernel: [ 0.000000] gran_size: 64K chunk_size: 128K num_reg: 10 lose cover RAM: 38M Sep 4 09:43:16 t520sds kernel: [ 0.000000] gran_size: 64K chunk_size: 256K num_reg: 10 lose cover RAM: 38M Sep 4 09:43:16 t520sds kernel: [ 0.000000] gran_size: 64K chunk_size: 512K num_reg: 10 lose cover RAM: 38M Sep 4 09:43:16 t520sds kernel: [ 0.000000] gran_size: 64K chunk_size: 1M num_reg: 10 lose cover RAM: 38M Sep 4 09:43:16 t520sds kernel: [ 0.000000] gran_size: 64K chunk_size: 2M num_reg: 10 lose cover RAM: 38M Sep 4 09:43:16 t520sds kernel: [ 0.000000] gran_size: 64K chunk_size: 4M num_reg: 10 lose cover RAM: 38M Sep 4 09:43:16 t520sds kernel: [ 0.000000] gran_size: 64K chunk_size: 8M num_reg: 10 lose cover RAM: 38M Sep 4 09:43:16 t520sds kernel: [ 0.000000] gran_size: 64K chunk_size: 16M num_reg: 10 lose cover RAM: 38M Sep 4 09:43:16 t520sds kernel: [ 0.000000] *BAD*gran_size: 64K chunk_size: 32M num_reg: 10 lose cover RAM: -16M Sep 4 09:43:16 t520sds kernel: [ 0.000000] *BAD*gran_size: 64K chunk_size: 64M num_reg: 10 lose cover RAM: -16M Sep 4 09:43:16 t520sds kernel: [ 0.000000] gran_size: 64K chunk_size: 128M num_reg: 10 lose cover RAM: 0G Sep 4 09:43:16 t520sds kernel: [ 0.000000] gran_size: 64K chunk_size: 256M num_reg: 10 lose cover RAM: 0G Sep 4 09:43:16 t520sds kernel: [ 0.000000] gran_size: 64K chunk_size: 512M num_reg: 10 lose cover RAM: 0G Sep 4 09:43:16 t520sds kernel: [ 0.000000] gran_size: 64K chunk_size: 1G num_reg: 10 lose cover RAM: 0G Sep 4 09:43:16 t520sds kernel: [ 0.000000] *BAD*gran_size: 64K chunk_size: 2G num_reg: 10 lose cover RAM: -1G does this mean that my RAM is bad?! it also says Sep 4 09:43:16 t520sds kernel: [ 2.944123] EXT4-fs (sda1): INFO: recovery required on readonly filesystem Sep 4 09:43:16 t520sds kernel: [ 2.944126] EXT4-fs (sda1): write access will be enabled during recovery Sep 4 09:43:16 t520sds kernel: [ 3.088001] firewire_core: created device fw0: GUID f0def1ff8fbd7dff, S400 Sep 4 09:43:16 t520sds kernel: [ 8.929243] EXT4-fs (sda1): orphan cleanup on readonly fs Sep 4 09:43:16 t520sds kernel: [ 8.929249] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 658984 ... Sep 4 09:43:16 t520sds kernel: [ 9.343266] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 525343 Sep 4 09:43:16 t520sds kernel: [ 9.343270] EXT4-fs (sda1): 56 orphan inodes deleted Sep 4 09:43:16 t520sds kernel: [ 9.343271] EXT4-fs (sda1): recovery complete Sep 4 09:43:16 t520sds kernel: [ 9.645799] EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null) does this mean my HD is bad? As per FaultyHardware, I tried smartctl -l selftest, which uncovered no errors: smartctl 5.41 2011-06-09 r3365 [x86_64-linux-3.2.0-30-generic] (local build) Copyright (C) 2002-11 by Bruce Allen, http://smartmontools.sourceforge.net === START OF INFORMATION SECTION === Model Family: Seagate Momentus 7200.4 Device Model: ST9500420AS Serial Number: 5VJE81YK LU WWN Device Id: 5 000c50 0440defe3 Firmware Version: 0003LVM1 User Capacity: 500,107,862,016 bytes [500 GB] Sector Size: 512 bytes logical/physical Device is: In smartctl database [for details use: -P show] ATA Version is: 8 ATA Standard is: ATA-8-ACS revision 4 Local Time is: Mon Sep 10 16:40:04 2012 EDT SMART support is: Available - device has SMART capability. SMART support is: Enabled === START OF READ SMART DATA SECTION === SMART overall-health self-assessment test result: PASSED See vendor-specific Attribute list for marginal Attributes. General SMART Values: Offline data collection status: (0x82) Offline data collection activity was completed without error. Auto Offline Data Collection: Enabled. Self-test execution status: ( 0) The previous self-test routine completed without error or no self-test has ever been run. Total time to complete Offline data collection: ( 0) seconds. Offline data collection capabilities: (0x7b) SMART execute Offline immediate. Auto Offline data collection on/off support. Suspend Offline collection upon new command. Offline surface scan supported. Self-test supported. Conveyance Self-test supported. Selective Self-test supported. SMART capabilities: (0x0003) Saves SMART data before entering power-saving mode. Supports SMART auto save timer. Error logging capability: (0x01) Error logging supported. General Purpose Logging supported. Short self-test routine recommended polling time: ( 1) minutes. Extended self-test routine recommended polling time: ( 109) minutes. Conveyance self-test routine recommended polling time: ( 2) minutes. SCT capabilities: (0x103b) SCT Status supported. SCT Error Recovery Control supported. SCT Feature Control supported. SCT Data Table supported. SMART Attributes Data Structure revision number: 10 Vendor Specific SMART Attributes with Thresholds: ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE 1 Raw_Read_Error_Rate 0x000f 117 099 034 Pre-fail Always - 162843537 3 Spin_Up_Time 0x0003 100 100 000 Pre-fail Always - 0 4 Start_Stop_Count 0x0032 100 100 020 Old_age Always - 571 5 Reallocated_Sector_Ct 0x0033 100 100 036 Pre-fail Always - 0 7 Seek_Error_Rate 0x000f 069 060 030 Pre-fail Always - 17210154023 9 Power_On_Hours 0x0032 095 095 000 Old_age Always - 174362787320258 10 Spin_Retry_Count 0x0013 100 100 097 Pre-fail Always - 0 12 Power_Cycle_Count 0x0032 100 100 020 Old_age Always - 571 184 End-to-End_Error 0x0032 100 100 099 Old_age Always - 0 187 Reported_Uncorrect 0x0032 100 100 000 Old_age Always - 0 188 Command_Timeout 0x0032 100 100 000 Old_age Always - 1 189 High_Fly_Writes 0x003a 100 100 000 Old_age Always - 0 190 Airflow_Temperature_Cel 0x0022 061 043 045 Old_age Always In_the_past 39 (0 11 44 26) 191 G-Sense_Error_Rate 0x0032 100 100 000 Old_age Always - 84 192 Power-Off_Retract_Count 0x0032 100 100 000 Old_age Always - 20 193 Load_Cycle_Count 0x0032 099 099 000 Old_age Always - 2434 194 Temperature_Celsius 0x0022 039 057 000 Old_age Always - 39 (0 15 0 0) 195 Hardware_ECC_Recovered 0x001a 041 041 000 Old_age Always - 162843537 196 Reallocated_Event_Count 0x000f 095 095 030 Pre-fail Always - 4540 (61955, 0) 197 Current_Pending_Sector 0x0012 100 100 000 Old_age Always - 0 198 Offline_Uncorrectable 0x0010 100 100 000 Old_age Offline - 0 199 UDMA_CRC_Error_Count 0x003e 200 200 000 Old_age Always - 0 254 Free_Fall_Sensor 0x0032 100 100 000 Old_age Always - 0 SMART Error Log Version: 1 No Errors Logged SMART Self-test log structure revision number 1 Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error # 1 Extended offline Completed without error 00% 4545 - SMART Selective self-test log data structure revision number 1 SPAN MIN_LBA MAX_LBA CURRENT_TEST_STATUS 1 0 0 Not_testing 2 0 0 Not_testing 3 0 0 Not_testing 4 0 0 Not_testing 5 0 0 Not_testing Selective self-test flags (0x0): After scanning selected spans, do NOT read-scan remainder of disk. If Selective self-test is pending on power-up, resume after 0 minute delay. Googling for the messages proved inconclusive, I can't even figure out whether the messages are routine or catastrophic. So, what do I do now?

  Read the article

• Ubuntu 13.10 isn't remembering my passwords anymore, why?

  - by Nik Reiman

  Ubuntu's password management used to be working just fine for me, but around two weeks ago after running apt-get upgrade, I've noticed that now it keeps "forgetting" my passwords. For instance, I need to manually enter passwords to unlock my ssh keys to use git, which previously was done automatically on login. My workplace's 802.11x authentication also no longer works, I need to manually re-auth just to connect to internet. What's going on?

  Read the article

• Hash Sum mismatch on python-keyring

  - by Gearoid Murphy

  I came in to my workstation this morning to find an apt error notification relating to a hash sum mismatch on the python keyring password storage mechanism, given the sensitive nature of this package, this gives me some cause for concern. Has anyone else seen this error?, how can I ensure that my system has not been compromised? Failed to fetch http://gb.archive.ubuntu.com/ubuntu/pool/main/p/python-keyring/python-keyring_0.9.2-0ubuntu0.12.04.2_all.deb Hash Sum mismatch Xubuntu 11.04 AMD64

  Read the article

• How can * be a safe hashed password?

  - by Exception e

  phpass is a widely used hashing 'framework'. While evaluating phpass' HashPassword I came across this odd method fragment. function HashPassword($password) { // <snip> trying to generate a hash… # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } This is the complete phpsalt class: # Portable PHP password hashing framework. # # Version 0.2 / genuine. # # Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in # the public domain. # # # class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function PasswordHash($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime() . getmypid(); } function get_random_bytes($count) { $output = ''; if (is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= pack('H*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; if (substr($setting, 0, 3) != '$P$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # We're kind of forced to use MD5 here since it's the only # cryptographic primitive available in all versions of PHP # currently in use. To implement our own low-level crypto # in PHP would result in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); } else { $hash = pack('H*', md5($salt . $password)); do { $hash = pack('H*', md5($hash . $password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # This should be odd to not reveal weak DES keys, and the # maximum valid value is (2**24 - 1) which is odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } function CheckPassword($password, $stored_hash) { $hash = $this->crypt_private($password, $stored_hash); if ($hash[0] == '*') $hash = crypt($password, $stored_hash); return $hash == $stored_hash; } }

  Read the article

• How does one decrypt a PDF with an owner password, but no user password?

  - by Tony Meyer

  Although the PDF specification is available from Adobe, it's not exactly the simplest document to read through. PDF allows documents to be encrypted so that either a user password and/or an owner password is required to do various things with the document (display, print, etc). A common use is to lock a PDF so that end users can read it without entering any password, but a password is required to do anything else. I'm trying to parse PDFs that are locked in this way (to get the same privileges as you would get opening them in any reader). Using an empty string as the user password doesn't work, but it seems (section 3.5.2 of the spec) that there has to be a user password to create the hash for the admin password. What I would like is either an explanation of how to do this, or any code that I can read (ideally Python, C, or C++, but anything readable will do) that does this so that I can understand what I'm meant to be doing. Standalone code, rather than reading through (e.g.) the gsview source, would be best.

  Read the article

• jQuery Validate plugin - password check - minimum requirements - Regex

  - by QviXx

  I've got a little problem with my password-checker. There's got a registration form with some fields. I use jQuery Validate plugin to validate user-inputs. It all works except the password-validation: The password should meet some minimum requirements: minimum length: 8 - I just use 'minlength: 8' at least one lower-case character at least one digit Allowed Characters: A-Z a-z 0-9 @ * _ - . ! At the moment I use this code to validate the password: $.validator.addMethod("pwcheck", function(value, element) { return /^[A-Za-z0-9\d=!\-@._*]+$/.test(value); }); This Code works for the allowed characters but not for minimum requirements. I know that you can use for example (?=.*[a-z]) for a lower-case-requirement. But I just don't get it to work. If I add (?=.*[a-z]) the whole code doesn't work anymore. I need to know how to properly add the code to the existing one. Thank you for your answers! This is the complete code <script> $(function() { $("#regform").validate({ rules: { forename: { required: true }, surname: { required: true }, username: { required: true }, password: { required: true, pwcheck: true, minlength: 8 }, password2: { required: true, equalTo: "#password" }, mail1: { required: true, email: true }, mail2: { required: true, equalTo: "#mail1" } }, messages: { forename: { required: "Vornamen angeben" }, surname: { required: "Nachnamen angeben" }, username: { required: "Usernamen angeben" }, password: { required: "Passwort angeben", pwcheck: "Das Passwort entspricht nicht den Kriterien!", minlength: "Das Passwort entspricht nicht den Kriterien!" }, password2: { required: "Passwort wiederholen", equalTo: "Die Passwörter stimmen nicht überein" }, mail1: { required: "Mail-Adresse angeben", email: "ungültiges Mail-Format" }, mail2: { required: "Mail-Adresse wiederholen", equalTo: "Die Mail-Adressen stimmen nicht überein" } } }); $.validator.addMethod("pwcheck", function(value, element) { return /^[A-Za-z0-9\d=!\-@._*]+$/.test(value); }); }); </script>

  Read the article

• Password hashing, salt and storage of hashed values

  - by Jonathan Leffler

  Suppose you were at liberty to decide how hashed passwords were to be stored in a DBMS. Are there obvious weaknesses in a scheme like this one? To create the hash value stored in the DBMS, take: A value that is unique to the DBMS server instance as part of the salt, And the username as a second part of the salt, And create the concatenation of the salt with the actual password, And hash the whole string using the SHA-256 algorithm, And store the result in the DBMS. This would mean that anyone wanting to come up with a collision should have to do the work separately for each user name and each DBMS server instance separately. I'd plan to keep the actual hash mechanism somewhat flexible to allow for the use of the new NIST standard hash algorithm (SHA-3) that is still being worked on. The 'value that is unique to the DBMS server instance' need not be secret - though it wouldn't be divulged casually. The intention is to ensure that if someone uses the same password in different DBMS server instances, the recorded hashes would be different. Likewise, the user name would not be secret - just the password proper. Would there be any advantage to having the password first and the user name and 'unique value' second, or any other permutation of the three sources of data? Or what about interleaving the strings? Do I need to add (and record) a random salt value (per password) as well as the information above? (Advantage: the user can re-use a password and still, probably, get a different hash recorded in the database. Disadvantage: the salt has to be recorded. I suspect the advantage considerably outweighs the disadvantage.) There are quite a lot of related SO questions - this list is unlikely to be comprehensive: Encrypting/Hashing plain text passwords in database Secure hash and salt for PHP passwords The necessity of hiding the salt for a hash Clients-side MD5 hash with time salt Simple password encryption Salt generation and Open Source software I think that the answers to these questions support my algorithm (though if you simply use a random salt, then the 'unique value per server' and username components are less important).

  Read the article

• Run Flyff without elevating user to Admin or requiring Admin Password

  - by AnonJr

  Bottom Line: I need to set up one game on my little sister's laptop to run without requiring an admin password/account. Its the only game that seems to insist on it... so far. Detailed Version: I set up my 14-year-old sister as a regular user on her Windows 7 Home Premium laptop, and almost everything has been fine - until she found a new game (Flyff) that doesn't seem to want to run without an Admin Password (or being logged in as an Admin). For what should be obvious reasons, I'm not going to make her an Admin. or give her the Admin password (which she swears she'll only use to run this game... anyone else buying that? Bueller?) Also, the parents aren't admins on her laptop (they are on their own, but that's another discussion for another day) and I'm not going to set them up as one as I know from past experience that the 3rd time my sister asks them to put in their password, they'll just tell her what it is - at which point I might as well as have just set her up as an admin from the outset. This is a Win7 Home Premium (64-bit, but I doubt that makes a difference) laptop, so using GPEdit is out. I also tried an answer provided in a related (but less specific) question. The app has read/write permissions for its folder in Program Files (x86), yet that doesn't seem to make a difference. I have not yet dug through the registry as mentioned in another answer to the aforementioned question. Just to be thorough, I have checked the "Run as Admin" option on the shortcut's properties to no avail. Am I missing something? Addendum 2010-11-11: Re-Checked permissions as per Joel's answer, and it didn't make a difference. Followed Jane T's suggestion (and Aeo's second) and created a "Games" folder outside Program Files, installing the game there - and making sure regular users had all the permissions they would need. No joy. After the latter of the above two changes, it occurred to me that it may be a UAC issue, so for kicks I turned off UAC - still the damn message. Last item noted: could it be a result of the publisher not being specified/verified? I've been taking a closer look at the error message and it occurred to me that the missing/unverified publisher info could have been the problem all along... Correct me if I'm wrong, but if that's the case, that means there's nothing I can do short of giving her some sort of Admin privileges (i.e. elevating her account, or giving her the password to a separate Admin account) or giving Mom an Admin account.

  Read the article

• Secure hash and salt for PHP passwords

  - by luiscubal

  It is currently said that MD5 is partially unsafe. Taking this into consideration, I'd like to know which mechanism to use for password protection. Is “double hashing” a password less secure than just hashing it once? Suggests that hashing multiple times may be a good idea. How to implement password protection for individual files? Suggests using salt. I'm using PHP. I want a safe and fast password encryption system. Hashing a password a million times may be safer, but also slower. How to achieve a good balance between speed and safety? Also, I'd prefer the result to have a constant number of characters. The hashing mechanism must be available in PHP It must be safe It can use salt (in this case, are all salts equally good? Is there any way to generate good salts?) Also, should I store two fields in the database(one using MD5 and another one using SHA, for example)? Would it make it safer or unsafer? In case I wasn't clear enough, I want to know which hashing function(s) to use and how to pick a good salt in order to have a safe and fast password protection mechanism. EDIT: The website shouldn't contain anything too sensitive, but still I want it to be secure. EDIT2: Thank you all for your replies, I'm using hash("sha256",$salt.":".$password.":".$id) Questions that didn't help: What's the difference between SHA and MD5 in PHP Simple Password Encryption Secure methods of storing keys, passwords for asp.net How would you implement salted passwords in Tomcat 5.5

  Read the article

• Windows7 - “The specified network password is not correct.” when the password is in fact correct.

  - by Win7 Home User

  I have a samba server setup for some time now. It is a Hardware NAS - which unfortunately does not provide access to the Samba logs. (the exact model of the NAS is called Addonics NAS Adapter ) I also have a Windows Vista and a Windows XP machine - from both I am able to map \\192.168.0.20\Smd with no errors ( net use l: \\192.168.0.20\Smd works, after asking for my username and password). I also bought a brand new computer, with Windows 7, and when I try to execute the same exact net use command on it - using the exact same username/password pair, I get a "The specified network password is not correct." message. I also tried mapping from the Windows explorer menu, and got the same error. I synchronized the clocks of the two machines, tried again... and yet the same error persists. So what is really surprising here is that mapping works from WindowXP and Windows Vista machines, but fails from a Windows7 machine using the exact same command and username/password - Anyone has any idea of what could be causing this or how to solve the problem? Thanks

  Read the article

• Wifi as LAN - Is it possible ? How ?

  - by sagar

  Hello ! Every one. I am having a query regarding WiFi network. I am having PC & LapTop. Now, Let me explain the situation. I requested My WiFi providers that I want connection in my PC. So that - WiFi provider set up an Antenna on my building Terrace - They joined a cable to pc & that Antenna. ( I think using RJ45 connector ) - The reason behind this - my pc is not having inbuilt wifi functionality. Now - almost laptops have inbuilt functionality. Now - On terrace there is wifi with superb speed. But on my flat - wifi comes with low speed. so, when ever I use internet on my pc - it has great speed - but my laptop works with low speed. The reason behind this - PC is catching wifi from terrace & laptop is catching the wifi from it's own place. Now, My question is something like this. Can we place an antenna or something like that & connect it to laptop for better wifi speed? ( I am not technical person - Please add comment for down vote - if any ) ( Please add comment for more explanation of my Problem ) Thanks in advance for sharing your knowledge. Sagar

  Read the article

• Wifi as LAN - Is it possible ? How ?

  - by sagar

  Hello ! Every one. I am having a query regarding WiFi network. I am having PC & LapTop. Now, Let me explain the situation. I requested My WiFi providers that I want connection in my PC. So that - WiFi provider set up an Antenna on my building Terrace - They joined a cable to pc & that Antenna. ( I think using RJ45 connector ) - The reason behind this - my pc is not having inbuilt wifi functionality. Now - almost laptops have inbuilt functionality. Now - On terrace there is wifi with superb speed. But on my flat - wifi comes with low speed. so, when ever I use internet on my pc - it has great speed - but my laptop works with low speed. The reason behind this - PC is catching wifi from terrace & laptop is catching the wifi from it's own place. Now, My question is something like this. Can we place an antenna or something like that & connect it to laptop for better wifi speed? ( I am not technical person - Please add comment for down vote - if any ) ( Please add comment for more explanation of my Problem ) Thanks in advance for sharing your knowledge. Sagar

  Read the article

• How to increase wifi speed for laptops

  - by sagar

  Now, Let me explain the situation. I am having a query regarding Wi-Fi network. I am having PC & laptop. I requested my Wi-Fi providers that I want connection in my PC. So that - Wi-Fi provider set up an Antenna on my building Terrace - They joined a cable to pc & that Antenna. ( I think using RJ45 connector ) - The reason behind this - my does not have a built in Wi-Fi adapter. Now - almost laptops have built in Wi-Fi. Now - On terrace there is Wi-Fi with superb speed. But on my flat - Wi-fi comes with low speed. So, when ever I use internet on my pc - it has great speed - but my laptop works with low speed. The reason behind this - PC is catching wifi from terrace & laptop is catching the wifi from it's own place. Now, My question is something like this. Can we place an antenna or something like that & connect it to laptop for better wifi speed? ( I am not technical person - Please add comment for down vote - if any ) ( Please add comment for more explanation of my Problem ) Thanks in advance for sharing your knowledge. Sagar

  Read the article

• SSH to VM rejecting password, works from virt-manager console

  - by boundless08

  First of all, I'm sorry if there is a duplicate post somewhere. I searched for a while but none of the posts I found fixed my problem. It's fairly annoying. I created a new VM on our network and when using virt-manager I can log into the VM fine with the username and password. When I try to ssh to the VM from anywhere else it rejects the password, but I know the password is correct. I've even changed it multiple times to make sure its correct. The address I'm ssh'ing to is definitely pointing at the right VM as well, I've tested all this. It's still usable, but the virt-manager console is very limited so the sooner I can get to the bottom of this the better. VM is running ubuntu 12.04 btw. EDIT 1 Checked the auth.log and all I'm getting is "sshd[29304]:Connection closed by 'server.ip.address' [preauth]". I also tried allowing logging in as root, and even turned off password auth altogether in sshd_config and still nothing! I then turned on "AllowEmptyPasswords", still a whole lot of nothing.

  Read the article

• IBM Thinkpad 240 - Best way to boot from floppy to USB - Best Linux for 300 MHz 128 MB RAM 800x600 s

  - by zillion

  Mostly I still have that old 'ultraportable' laptop that is mostly like a pre-netbook era laptop and a friend and programmer needs a computer because the one he was using just broke and he has to wait until the new one arrive in 4-6 weeks ... This laptop has no LAN connection and CD-ROM so be prepared for a real challenge! All hardware is well supported on Windows XP (included drivers on the Windows XP CD) and on Linux out-of-the-box (but the screen need a special configuration.) Mostly any Linux that will work well with Skype (USB or regular headset), any MSN client and a text writer for code will do. What I have tested so far: Slitaz 2 don't boot because the floppy of GRUB4DOS don't see the USB drive (fully working and tested on my regular laptop), Damn Small Linux was working but was needing a special screen configuration that I don't remember (in the boot options of the floppy) and now I'm thinking about Puppy Linux that is seen to work totally out of the box with it but I will need an old Puppy version (1 or 2 I think) and the Wakepup floppy ... If you got some ideas to help or to try I'm open!

  Read the article

< Previous Page | 57 58 59 60 61 62 63 64 65 66 67 68  | Next Page >