Collaborate Disseminate
I have a main user with home folder encryption enabled. To avoid typing long phrase each time I want to have another user with sudo privilege and weak password.
In the terminal I would first switch user to further do any admin work
main@ma… Continue reading Sudo user without ability to login
Typically for user passwords we store their hashes and salt alongside in the database – one per user.
I wonder the security implications of hashing the same password twice and storing locally both.
hash(pwd, salt1) # => $digest1$salt1
… Continue reading Storing two hashes of same password?
For about 20 years, I’ve been using gnupg to encrypt a plain-text file containing my passwords. (The actual per-site passwords are generated using a hash function.) It’s worked OK for me, but gnupg is a very heavy-weight system that’s real… Continue reading Practicalities, implementation, and weaknesses of simple symmetric encryption for plain text files
I use Google to store some of my passwords and I noticed a "On-Device encryption" option in Google Chrome settings, that I had disabled. From what I understood, by allowing this, the password would first be encrypted on my device… Continue reading How does Google’s "on-device encryption" work?
I’ve made a list of the services/devices that require a PIN code. Shockingly, it’s over 10, which I find impossible to remember, so I need a strategy to reuse the codes.
What could be a strategy for doing it in the most secure way?
Devices… Continue reading How to reuse PIN codes in the most secure way?
It’s said that a Windows Machine Account Password is usually composed of 120 characters in UTF-16-LE format. But when looking at the value stored in the Windows Registry under HKLM\SECURITY\Policy\Secrets\$MACHINE.ACC\CurrVal one finds a s… Continue reading How is a Windows Active Directory Machine Account Password stored in Windows/Samba Clients?
my computer’s OS drive is fully encrypted with Veracrypt’s system encryption: https://veracrypt.eu/en/System%20Encryption.html
Is there a way to remotely enter the password in the pre-boot authentication screen? Like sending it via LAN or … Continue reading Full disk encryption: remotely enter password (Veracrypt or other solutions) [migrated]
My mother is 67 years old. She is a brilliant woman, educated and not at all afraid of technology. Yet, when I tried to get her to install Google Authenticator and use multi-factor authentication (MFA) for logging into applications, she found herself s… Continue reading 5 rules to make security user-friendly
For the purpose of my studies, I am trying to answer the below scenario, in my opinion it is not a good idea, because it would leave the system open to brute-force attacks.
A novel password scheme is suggested, where it requires long pass… Continue reading Why is it a bad idea to accept passwords one character at a time for an authentication mechanism?
Let’s assume person A chooses 15 words for a passphrase with an average length of 5. The passphrase meets following conditions.
Word conditions:
The first word is not a valid word and can’t be found in any dictionary. It’s twice the lengt… Continue reading How to analyze the security of a custom passphrase?