Collaborate Disseminate
In 2021, we’re celebrating the 60th anniversary of the computer password’s invention, but it also marks the year of some of the worst password mishaps this century. To honor the milestone, Dashlane announced its 2021 Worst Password Offenders list. Afte… Continue reading Password offenders: Who’s the naughtiest of them all?
Is there any security issue if I use for example my Gmail account to store passwords from another resources instead of using any password manager like a KeePass?
If my password for Gmail account is not duplicated on any other resources, it… Continue reading Password manager vs Gmail
I made an Ethereum wallet using a complex password containing ?[-_$> characters. I ran john against the hash generated by ether2john.py:
$ ethereum2john.py path_to_my_ethereum_wallet >wallet.hash
$ echo -e "123\n$PASSWORD" … Continue reading John The Ripper fails to find password existing in the wordlist
I’ve never seen any example of this and I’m just curious why? Why is it not okay just to pass it through HTTPs + encoded in a JWT? I will not be storing the password anywhere on the client side, I will just be reading it once. I’m pretty s… Continue reading Passing password back from server to client?
I was reading the BitWarden Security Whitepaper (BitWarden is an open source, zero-knowledge password manager that performs encryption/decryption on the client side) and came across the following statement:
A Master Password hash is also … Continue reading Security implications of using a plaintext master password as the salt for PBKDF2 in a zero-knowledge system
A GoodFirms survey outlines the current password behavior of online users, risk factors associated with password management, and the best measures, policies, and practices to safeguard passwords from attacks or breaches. 30% of surveyees reported passw… Continue reading 30% of online users suffered security breaches due to weak passwords
While NIST mentions only the hashing algorithms for use in cryptography, there is lack of clarity specifically for password hashing algorithms.
Does anyone know are there any algorithms approved by NIST for password hashing?
Also, I could … Continue reading support for adaptive password hashing algorithms [closed]
I was having a coffee with a good mate the other day. He’s not a techie (he runs a pizza restaurant), but somehow, we ended up talking about passwords. Because he’s a normal person, he has the same 1 or 2 or 3 he uses everywhere
Continue reading A Password Manager Isn’t Just for Christmas, It’s for Life (So Here’s 50% Off!)
I would love to gather some information on how to program my own password manager properly as I’m pretty new to security. Currently, I’m using pythons cryptography module and a sqlite database.
The data in the database is encrypted with Mu… Continue reading password manager and key management
Imagine an authentication system where instead of Username / Password i just require a long, complicated, hard to guess string (eg, "ddjd9384aa.fdsa.3822" or the hash of a picture that only i have on my hard drive). Would this be… Continue reading Would a single complicated string be a sufficent identifier/password? [closed]