Collaborate Disseminate
I have been thinking about how to store my master passwords (password manager, email and device passwords) for quite a while and I just haven’t been able to come up with a satisfying solution yet. I really want to avoid having outsiders ga… Continue reading Amnesia and death proof master password
Personally, I think that it’s not so important to check the strength of the passwords on server-side, since, if the user evades the validation on the client side, it would be their responsibility to use an insecure password; however, I don… Continue reading Should password strength validation also be run server-side or only client-side?
I have a password with the example of
buddy9221!!
Using John The Ripper or Crunch, how can I generate a password with buddy 4 numbers and two special characters?
Continue reading Creating a wordlist based on a password given [closed]
Sometimes browser spellcheckers leak passwords:
When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled.
Depending on the website you visit, the form data may itself include PII—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, address, email, date of birth (DOB), contact information, bank and payment information, and so on.
The solution is to only use the spellchecker options that keep the data on your computer—and don’t send it into the cloud…
I want to debug bcrypt rounds with a static salt using this python lib
import bcrypt
salt = bcrypt.gensalt(14)
password = b"foo"
foo_1_round = bcrypt.kdf(password, salt, desired_key_bytes=10, rounds=1)
foo_2_rounds_manually = bcr… Continue reading Debug bcrypt iterations with a static salt [closed]
I’m trying to grasp which benefit can KDF like PBKDF2, scrypt and bcrypt (I know that bcrypt is technically not KDF) may bring over hashing in loop like sha256sum(sha256sum(sha256sum…..(salt + master password))) – N times, where N equals… Continue reading KDF vs hash function in loop for hashing password
Technologies like Zero-knowledge password proof and PAKE seems to be pretty mature but almost all modern web-sites still send passwords over HTTPS to check authentication. At first glance, this protocols look like a magic pill, but still n… Continue reading Why PAKE or Zero-knowledge password proof didn’t replace sending a password via HTTPS
So, suppose a person accidentally typed their complex encryption password into Google search. They weren’t logged in to any Google services so the search was anonymous, and they continued to use this password afterwards. What I am curious … Continue reading Does Google share it’s international database of search queries with LEA agencies for purposes of breaking encryption?
Many banks I have worked with require between 4-6 characters passwords. Some even force to use only digits.
Such a poor password is protecting your financial information, because MFA is usually not available. It’s truth that when you want … Continue reading Why banks require such a low password entropy for web/app access?
If you do not want to use Dashlane anymore, you can delete Dashlane account and data using this tutorial. Whether you have saved one or one hundred passwords and notes, you can delete all of them and cancel your account easily – Free and Paid, bo… Continue reading How to delete Dashlane account and data