Explore >> Select a destination
|
You are here 
|
eapolsniper.github.io | ||
| | | | |
8yd.no
|
|
| | | | | Passwords should be set, not sent - and other things I thought about when someone talked about password-emailing as a natural part of the user registration. I'm no security expert, but that's a big n... | |
| | | | |
tashian.com
|
|
| | | | | The story of a major hash table vulnerability, and how it took a decade to uncover and resolve. | |
| | | | |
myers.io
|
|
| | | | | Every so often I see posts on Stack Exchange, or Hacker News where someone has figured out that their passwords are being sent to the server and the server can see them! The logic that we see is that if the password is hashed client side, then only the hash needs to be sent to the server, so the server never knows the password. Unfortunately, I sometimes even see this go one step further when people suggest that with this arrangement, HTTPS isnt required. Wrong. | |
| | | | |
blog.codinghorror.com
|
|
| | | The multi-platform password crackerOphcrackis incredibly fast. How fast?It can crack the password "Fgpyyih804423" in 160 seconds. Most people would consider that password fairly secure. TheMicrosoft password strength checkerrates it "strong." TheGeekwisdom password strength meterrates it "mediocre." Why is Ophcrack so fast? Because it | ||
