All Questions
18 questions
-1 votes
1 answer
145 views
Is there any secure method to have recoverable passwords?
I have a local application that normally authenticates against a remote Active Directory server. If the local host loses network connectivity, a special local account becomes available for login. ...
0 votes
0 answers
205 views
Custom password security algorithm? [duplicate]
How secure would it be if you applied custom algorithms (that you obviously wouldn't reveal to the public) to a hashed password? Like splitting up a hashed string, shuffling it around, possibly even ...
0 votes
2 answers
398 views
What is the standard practice to maintain a password for different websites? [duplicate]
I have come across many users who maintain a re-used password for each and every website, such as P@ssw0rd123. The problem with this approach is if someone breaches the protections of a particular ...
8 votes
4 answers
6k views
Do all Authenticator Apps use the same algorithm?
I've tried some Authenticator Apps (Google, Microsoft, Authy, Lastpass, ...) and all of those apps generate the same one-time passwords at the same time? So, these apps use the same algorithm, which is a ...
13 votes
4 answers
6k views
Implementation of diceware: do I have to simulate dice roll?
I am creating a small utility for generating passwords based on the diceware method. At the moment I am very close to the algorithm of real diceware - i.e. I simulate rolling dice n-times to get a ...
0 votes
2 answers
196 views
Rearranging hash adds no security?
I'm a rookie when it comes to Information Security so I've been reading a lot of the top questions on this stackexchange for the sake of learning. I came across this question that discusses hashing. ...
1 vote
2 answers
300 views
Identify a user using random characters of the password
Assuming a password is not stored in plain-text, how is it possible that a support guy is able to identify during a phone call a customer by asking him random characters of his password? For example, ...
1 vote
1 answer
2k views
How to implement iterations when hashing passwords?
To securely hash passwords, algorithms such as PBKDF2 do many iterations of a common hash such as SHA1. Are there certain ways that these iterations need to be done to be safe? In particular, from ...
1 vote
2 answers
369 views
How can I identify and use a hash function given enough text and their hash?
So, I have this old program currently in use; as I have access to the database, I have adopted all data I need except the user passwords. Now users will provide me with the plain text password and ...
2 votes
3 answers
6k views
My friend hashes passwords with SHA512 algorithm without salt. How do I convince him that he needs to add salt?
Today I discovered something incredibly stupid - my friend hashes user passwords with sha512 algorithm without a salt. I immediately raised this issue to him but he said he wants to see anyone crack a ...
-3 votes
1 answer
1k views
What is the algorithm of bcrypt? [closed]
In many places I heard that people recommend using the bcrypt algorithm to save passwords into a database while creating web applications. I want to know what is the algorithm used to bcrypt a password ...
0 votes
4 answers
5k views
Password Hashing Without a Unique Salt
I have a question about password hashing. This is not a question about the BEST POSSIBLE method of hashing passwords, but rather a more utilitarian question about what is sufficient to hash a ...
42 votes
2 answers
31k views
Salted hashes vs HMAC?
Most discussions involving access credentials include references to "hashing salted passwords". Is this another way of referring to the HMAC algorithm or a totally different operation? Different or ...
7 votes
3 answers
2k views
Is it a good idea to have a "master" password?
Though I do have a good memory of passwords, it is quite impossible to have one password per application. Yet, it should be... My current way to deal with passwords is to have five passwords and to ...
4 votes
6 answers
1k views
Methods for remembering passwords around the web [duplicate]
What's the least painful way to manage passwords for user accounts that you have on various sites? I see only 3 options: Password manager. Passwords can be different and strong, but the downside is ...