By stating that ...
read moreChange the following settings in Firefox's about:config to enable TLS v1.1.
Steps
This is a guest post by BreShiE.
DDoS attacks are becoming more and more frequent in today's world, with any average person being able to download or purchase such tools from online, public forums. You may have heard about the self proclaimed hacktivist group "Anonymous" and their infamous take-downs ...
read moreThis is a simple Ruby script that helps you memorize a password by making you type it over and over again. It first breaks the password into chunks of 4 characters, helps you to memorize each chunk, then every consecutive pair of chunks, then every consecutive triple... and so on ...
read moreSteps to reset a Windows account password given physical access to the box:
Here's how to do encrypted automated backups without having to store the password in the backup script. The script should be self-explanatory (after all, it is 50 lines of comments for just one real line of code).
#!/bin/bash
# File name: backup.sh
# This script automates the process of ...
read more
With this post I will try to show how, in a theoretical scenario, deliberately weakening the collision resistance of a password hash function can increase security. This is by no means a formal proof.
Suppose Alice has an account on two computer systems X and Y. She uses the same ...
read moreSo there's this video of a voting machine that selects Romney when you try to click on Obama.
To someone who has had some experience with touch screen technology, it looks like the touch system is just out of sync with the UI, which could be fixed by re-calibrating ...
read moreToday, I came across an article on password cracking. In the comment section I saw someone had posted (presumably right after they just read about salting) the following reply:
My solution: don't store hashes as a single SHA1 or MD5 result ... combine it for further obfuscation. A hash is ...read more
Suppose a system uses a constant internal initialization vector to encrypt/decrypt data in CBC mode, and you'd like to know what it is. If you can make the system decrypt chosen ciphertexts, this is how you do it:
Use the following code to escape user-supplied input before inserting it into a JavaScript string literal.
<?php function js_string_escape($data) { $safe = ""; for($i = 0; $i < strlen($data); $i++) { if(ctype_alnum($data[$i])) $safe .= $data[$i]; else $safe .= sprintf("\\x%02X", ord($data[$i])); } return $safe; }
Example:
<script> var foo = "<?php ...read more
This week, LinkedIn, eHarmony, and last.fm have all confirmed that their password hash databases have been breached. In all three cases, passwords were stored as an unsalted hash. I've already reported the results of cracking LinkedIn's password hashes with CrackStation, now it's eHarmony's turn.
eHarmony ...
read moreLinkedIn's user database has been breached. The passwords were hashed with SHA1, but salt was not used. 6 million of them have been published to the internet. You can download them via torrent or via HTTP from defuse.ca's mirror. 3.5 million of them have had their ...
read moreToday a member of GRC's Newsgroups posed a question about security through obscurity:
read moreIt seems to me that ALL digital security is EXACTLY "security through obscurity". Take, for example, AES... It isn't that the possible range of keys is unknown, it is just a cleverly hidden needle in ...
We know that it's possible to come up with a password that no computer on earth can crack. Use true random data to generate a sequence of 20 characters from the full ASCII printable set, spend an hour memorizing, and you're good. We also know that most people ...
read more