Collaborate Disseminate
I would like to store the password for my MySQL database in an AWS KMS. The access should be handled by the Secret Manager. It works well if I store it in KMS and access it with the Secret Manager ANR:
<?php
require ‘vendor/autoload.php… Continue reading Storing MySQL password in a secure way in AWS KMS?
My Android device has 3 authentication methods combined:
Text password (can use most symbols)
Password consisting of digits
Graphical password
As far as I know these are not only used to unlock the device’s screen, but also its disk is e… Continue reading Android unlock password: how to get a good tradeoff between security and convenience?
My Android device has 3 authentication methods combined:
Text password (can use most symbols)
Password consisting of digits
Graphical password
As far as I know these are not only used to unlock the device’s screen, but also its disk is e… Continue reading Android unlock password: how to get a good tradeoff between security and convenience?
Is it really that simple?
I guess having a master password will prevent that, but the drawback is that it is asked each time I open the web browser.
Continue reading Will a hacker be able to steal my passwords if they steal my Firefox config folder?
I am designing an account system that will use salting/hashing to securely store and compare passwords. For now, I’m looking at using bcrypt for password hashing. Somewhere along the way I’ll need a way to ensure that users can store secre… Continue reading Encrypting/Decrypting User Secrets with Password
I’m working with some middleware that requires username/password authentication. The middleware uses MD5 hash for the password. The MD5 hash, of course, is not fit for the purpose of storing passwords. We need to address this.
We tried mod… Continue reading Is it safe to store a password using a secure hash followed by an insecure hash?
Keyavi Data issued a set of best practices for keeping personal and business data out of criminal hands using multi-factor authentication (MFA). These best practices explain why MFA remains one of the best defenses for mitigating password risk and prev… Continue reading MFA still offers the best chance of keeping data secure
I am currently generating a salted SHA 256 passwords in the below format
$hash = "{SHA256}".base64_encode(hash(‘sha256’, $password . $salt) . $salt) .
Using the below libraries of Java classes to generate.
java.security.MessageD… Continue reading How different ldap implementations are generating random salt?
I have a SSHA256 hashed password. Below is the plaintext and hashed password for it.
PlainText -p@ssw0rd
Encrypted -{SSHA256}LGkJJV6e7wPDKEr3BKSg0K0XDllewz9tvSNSaslDmIfPFmyuI5blUK/QsTXjvgFKLlMQm1jPC7K7z/KaD4zoHQ==
How can I extract salt f… Continue reading How can I extract salt from encoded base64 Salted SHA 256 hashed password
For my website that is currently in development, I am trying to figure out a way to handle authentication. I am using mysql as my database and nodejs for my server. Currently, my website does the following: Whenever a user signs up, the us… Continue reading Should I update the way I handle authentication for my website?