You are here: defuse.ca

myers.io
Every so often I see posts on Stack Exchange or Hacker News where someone has figured out that their passwords are being sent to the server and the server can see them! The logic that we see is that if the password is hashed client side, then only the hash needs to be sent to the server, so the server never knows the password. Unfortunately, I sometimes even see this go one step further when people suggest that with this arrangement, HTTPS isn't required. Wrong.

dusted.codes
SHA-256 is not a secure password hashing algorithm

blog.ropnop.com
After compromising an OpenNMS server, I recovered salted password hashes. I couldn't find any info online, so I reversed them and wrote a tool to crack them.

www.martinvigo.com
Today, LastPass issued a security notice on their blog explaining that they detected some suspicious activity on their network. They believe that "LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised" but also that the encrypted passwords (the vault) were not accessed. What does all this really mean? I found ...