Password
Common passwords blacklist
- Albert Zenkoff
- 2013-01-09
- Technology, blacklist, brute force attack, general, Password, password database, password verification, passwords, rules, technology
Any system that implements password authentication must check whether the passwords are not too common. Every system faces the brute-force attacks that try one or another list of most common password (and usually succeed, by the way). The system must have a capability to slow down an attacker by any means available: slowing down system ...
Read MorePassword storage in summary
- Albert Zenkoff
- 2012-07-29
- Technology, bcrypt, hash, hashing, hashing algorithm, Password, password schemes, password storage, passwords
We discussed the password storage in the article Speaking of passwords…and concluded that password implementation requires a cryptographically strong, contemporary (as in “very, very slow”) one-way hash function with a randomly generated salt for every password. This is pretty much all you need to take care of. Salting is fairly straight-forward but it is essential to ...
Read More
Speaking of passwords…
- Albert Zenkoff
- 2012-07-22
- Technology, database, encryption, hash, hashing, howto, Password, password database, password hashing, passwords, rainbow tables, random salt, salt, user information
Wouldn’t it be quite logical to talk about passwords after user names? Most certainly. Trouble is, the subject is very, very large. Creating, storing, transmitting, verifying, updating, recovering, wiping… Did I get all of it? It is going to take a while to get through all of that, do you reckon? Let’s split the subject ...
Read MoreAbout the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.
Share and stay updated
