password   26043

Hacker, hack thyself • Coding Horror
Jeff Atwood wanted to know how secure the hashed passwords in the Discourse database are:
My quick hashcat results gave me some confidence that we weren't doing anything terribly wrong with the Discourse password hashes stored in the database. But I wanted to be completely sure, so I hired someone with a background in security and penetration testing to, under a signed NDA, try cracking the password hashes of two live and very popular Discourse sites we currently host.

[His report:]
I was provided two sets of password hashes from two different Discourse communities, containing 5,909 and 6,088 hashes respectively. Both used the PBKDF2-HMAC-SHA256 algorithm with a work factor of 64k. Using hashcat, my Nvidia GTX 1080 Ti GPU generated these hashes at a rate of ~27,000/sec.

Common to all Discourse communities are various password requirements:

All users must have a minimum password length of 10 characters.
All administrators must have a minimum password length of 15 characters.
Users cannot use any password matching a blacklist of the 10,000 most commonly used passwords.
Users can choose to create a username and password or use various third party authentication mechanisms (Google, Facebook, Twitter, etc). If this option is selected, a secure random 32 character password is autogenerated. It is not possible to know whether any given password is human entered, or autogenerated.
Using common password lists and masks, I cracked 39 of the 11,997 hashes in about three weeks, 25 from the ████████ community and 14 from the ████████ community.

The list of passwords he cracked is pretty wonderful - "007007bond", "123password" and more. TL;DR: use a 12-character password at minimum.
security  password  crack  database 
2 days ago by charlesarthur
php - Laravel 5.3 Password Broker Customization - Stack Overflow
This is a good guide to give you an idea of how to fully customize the password broker down to the behavior of how and when emails are sent and with what info. It worked for Laravel 5.4 with slightly looking bit of code. See the comments of the winning response.
stackoverflow  howto  override  laravel  laravel5  laravel5.4  laravel5.3  password  broker  reset  service  provider  custom  manager  fix  example  guide  reference 
2 days ago by racl101
KeePassXC Password Manager

KeePass Cross-Platform Community Edition

The thing computers can do best is storing information.
You shouldn't waste your time trying to remember and type your passwords.
KeePassXC can store your passwords safely and auto-type them into your everyday websites and applications.

Download for Mac
software  security  password  mac 
2 days ago by wjy
Personal Password Management - 紅一葉
Quickly copy passwords from 1Password in iOS
2 days ago by Azeril
- Home is a community recovering password from submitted hashes.
password  hash  reference  list  repository  hacking  cracking  security  pentesting 
2 days ago by asteroza
Special Publication 800-63 | NIST
64 character passwords without required specials, no forced rotation without evidence of compromise, no SMS 2FA, password paste OK
NIST  800-63  digital  identity  service  requirements  password  policy  guidance  information  reference  security 
2 days ago by asteroza
sakurity/securelogin: SecureLogin Client Implementation for Web, Desktop (with Electron) and Mobile (with Cordova)
securelogin - SecureLogin Client Implementation for Web, Desktop (with Electron) and Mobile (with Cordova)
authentication  password  security  node 
2 days ago by oppara
Passbolt | Open source password manager for teams
Passbolt is a free open source password manager for teams. Try our online demo!
gpg  pgp  password 
3 days ago by adam.gibbins