All Questions
53 questions
1 vote
0 answers
174 views
Why does a password guessing robot repeatedly test nonsense?
I log repeated invalid login attempts on a small custom made e-shop (no open source system is used). Last year, I started recording repeated failed logins from a single IP address. That's why I ...
29 votes
6 answers
7k views
Is it insecure to display the number of characters when users enter a new passphrase?
When users are entering a new passphrase somewhere, it's helpful to provide feedback on the number of characters received by the system. In a user experience (UX) test I just ran, my user created a ...
0 votes
0 answers
68 views
Could I have prevented my Facebook password from being stolen by these trojan apps? [duplicate]
According to this Dr. Web article: Doctor Web’s malware analysts have discovered malicious apps on Google Play that steal Facebook users’ logins and passwords. These stealer trojans were spread as ...
0 votes
2 answers
606 views
Password Strength Determination
Recently, I've checked some articles including R. E. Smith, The Strong Password Dilemma. ch. 6., Password Strength: An Empirical Analysis, Distance between two passwords and Password strength ...
68 votes
6 answers
62k views
My email address is being used to enroll for online services. Should I be concerned?
Just before Christmas I received the following message in one of my GMail accounts: Sign-in attempt was blocked ********@gmail.com [redacted by me] Someone just used your password to try to ...
0 votes
4 answers
528 views
Attacks on password-based encryption
Frequent attacks on password-based encryption are dictionary attacks with special hardware. I suspect that this is the only promising attack on the ciphertext. Is that correct? Another attack ...
0 votes
1 answer
392 views
Decrypt hash using dictionary attack
Let's consider that I'm the attacker and have access to hashes of passwords of a given database against which I will attempt a dictionary attack. My question is: Will I be able to find out by ...
8 votes
1 answer
595 views
Kerberos Attacks Questions
It's amazing how many "Attacks on Kerberos" articles exist out there and almost none really explains the small details. My guess is that usually they assume it's basic knowledge and sometimes, they ...
1 vote
0 answers
1k views
Using Reaver in various UK routers results in stop after 90% progress
I've been trying to make use of the current wifi audition techniques in regards of Router Password retrieval. GEAR: I've been through car boot sales and acquired some of the current routers on the ...
1 vote
0 answers
146 views
Password reset link was delivered via text not email, how and why? Any insight is appreciated [closed]
I think my smartphone is being hacked into + controlled by a third party, possibly my internet connection as well. Some very odd things have been ongoing for many months. On my phone I hear constant ...
6 votes
1 answer
533 views
How can short-circuit hash equality be exploited?
I recently came across some password code that hashed the password and then compared it with the saved hash in the naive way: one character at a time, short-circuiting as soon as a non-match was found....
3 votes
3 answers
5k views
Securely changing Veracrypt password
How can I change a Veracrypt (master) password efficiently and securely? Based on the answers here, it is not safe to use system --> change password due to various reasons. I cannot simply image ...
4 votes
2 answers
2k views
Using weak Veracrypt password safe?
Is it safe to create a Veracrypt partition (on a USB) such that it takes up the whole device (ie. not a "file", but using the USB as the storage container) it contains only a standard volume (no ...
1 vote
0 answers
327 views
What are the advantages and disadvantages of assigned password? [duplicate]
I am trying to understand if it is good or bad if an application assigns an initial password to each user and, at an appropriate time, assigns a new password. The user has no role in choice of ...
1 vote
0 answers
283 views
How easily could a picture password be hacked with brute force? [duplicate]
In Windows 8.1 Microsoft introduced a method to login using gestures over a picture. The picture password is determined by size, position and direction of any combination of circles, straight lines ...