Explore >> Select a destination
|
You are here 
|
defuse.ca | ||
| | | | |
www.malos-ojos.com
|
|
| | | | | In September of this year a large dump, approximately 5 million, of what was claimed to be Google account usernames and passwords was dumped onto the internet. While Google's own analysis of the d... | |
| | | | |
myers.io
|
|
| | | | | Every so often I see posts on Stack Exchange, or Hacker News where someone has figured out that their passwords are being sent to the server and the server can see them! The logic that we see is that if the password is hashed client side, then only the hash needs to be sent to the server, so the server never knows the password. Unfortunately, I sometimes even see this go one step further when people suggest that with this arrangement, HTTPS isnt required. Wrong. | |
| | | | |
dusted.codes
|
|
| | | | | SHA-256 is not a secure password hashing algorithm | |
| | | | |
www.hivesystems.com
|
|
| | | NIST recently updated its decades-old password security guidance after years of scrutiny, skepticism, and flat-out ineffectiveness finally forced the agency to address practical security considerations and realistic threats while abandoning what many considered to be ineffective security theater. | ||
