Specific to the security of passwords: hashing, entropy, cracking, resets, lockouts, etc.
60 questions from the last 365 days
0 votes, 1 answer, 135 views
Avoiding insecurities when generating passwords in bulk
Suppose I have a legacy system that has a short maximal length for passwords (say 10-12 characters, or an amount that is barely infeasible for an attacker). I want to generate initial passwords for ...
1 vote, 0 answers, 46 views
How can we encrypt password in svnserve.cfg?
I would like to check the possibility of encrypting the password of authz users that we configured in svnserve.cfg.
I have installed SVN on RHEL 9.4.
Configure password at SVN/.../respository-name/config/
...
-1 votes, 1 answer, 155 views
How much does it cost to break a strong password? [duplicate]
This is from a coffee discussion.
The enterprise policy is to use a password with an entropic score of 80 (on keepass).
The discussion was about what the cost would be (time/money/knowledge) to break ...
1 vote, 1 answer, 86 views
Can having only 2FA backup codes be ever enough for attacker to log into an account? [closed]
I couldn't find it stated anywhere clearly:
Let's say the attacker knows the username of an account. Now, if they get hold of 2FA backup codes for this account - and nothing else - can they somehow ...
0 votes, 0 answers, 130 views
Is it necessary for all to change passwords due to the recent 16 billion records data leak?
Like this article from CyberNews (initially published on June 18th 2025) says:
Several collections of login credentials reveal one of the largest data breaches in history, totaling a humongous 16 ...
1 vote, 0 answers, 87 views
Passwords keep changing - cleaners don’t work [closed]
I routinely have passwords reset. My Apple ID password changes regularly. When I set up my proton mail account it changed within a half hour. I did not forget/reuse the password. I took a picture ...
5 votes, 2 answers, 671 views
How do you independently verify that credentials have been rotated?
PCI compliance requires us to rotate passwords, but mainly seems to allow us to attest to the fact that we rotated the passwords based on trust that the work we say we're doing is getting done.
But as ...
0 votes, 2 answers, 136 views
Best implementation or methods/practices for making a "Secure As Possible" remember me cookie?
I've been researching the best ways and practices for handling remember-me cookies for my website's users so that they have active sessions and stay logged in for 30 days.
These articles here for ...
0 votes, 3 answers, 321 views
Is multiple encryption with different passwords a good idea?
What happens if I encrypt a file 100 times with different encryptions and with different random passwords that are stored locally, is it secure enough? Is it uncrackable?
4 votes, 2 answers, 741 views
Are truncated SHA-256 hashes safe enough when collisions are not a risk?
Apologies if this is a duplicate, I’m having trouble even to find the right words for it.
As far as I am aware, password authentication usually works in a way that the server stores a hash of the ...
2 votes, 0 answers, 88 views
Why can't a Cognito user in the FORCE_CHANGE_PASSWORD state go through the forgot password flow?
If an AWS Cognito User Pool user is in the FORCE_CHANGE_PASSWORD state, they won't be able to go through the "forgot your password" flow to get a password-reset confirmation code.
Why not? ...
11 votes, 2 answers, 5k views
Why aren't passwords also hashed on client side on desktop applications?
My understanding of the standard best practice way to handle passwords is:
Establish a secure encrypted connection between client and server.
Client sends password in plaintext over this encrypted ...
3 votes, 1 answer, 213 views
SHA-256: thoughts and experiment
Take the following sequence, for example:
hello! = string a
SHA-256 of a: ce06092fb948d9ffac7d1a376e404b26b7575bcc11ee05a4615fef4fec3a308b = b
SHA-256 of b: ...
3 votes, 1 answer, 413 views
What does the parallelism parameter in memory-hard password hashing algorithms adjust?
When I change the parallelism parameter on Scrypt or on Argon2, which processing unit's threads do I influence? The CPU's threads? The GPU's threads? How does this all work?
14 votes, 3 answers, 4k views
Security implications to removing delay on empty passwords?
Login prompts on many systems (like Ubuntu) have a delay if an incorrect password is used. I understand this is to inhibit brute force attacks. Would there be any security implications to having no ...