
Web security and js


Passwords and strength indicators etc

Hi! I'm Sos!

Livecoding.tv - Watch People Code Products, Live.

Paper.js animation along a path.

Specialization or blind loyalty? Designing only for WordPress

August 19, 2014 by Chris Wolfgang

You, along with many design, dev, and creative shops around the globe, have probably at least considered making a complete shift to building only for WordPress. As a CMS, it’s relatively simple, has complexity where it counts, and clients are finally comfortable with it. Whether you’ve taken the leap, you’re still contemplating, or you’ve decided against it, this thought probably found its way into your brain at some point: The continued success of our business would depend on the continued success of WordPress.

Should that scare me? Understand that it’s risky.

[Photo: Tom Greenwood (right), co-founder of Wholegrain Digital / Photo courtesy of Wholegrain Digital]

“We have this conversation a lot,” Greenwood laughed. But don’t deny it: You’ve wondered about WordPress’ longevity too. “Maybe something new and exciting is going to come along and blow it out of the water,” Greenwood said.

Watch for CMS newcomers.

HTML5 Canvas Drawing Library Exploration: Paper.js

The demo's initial state, as declared at the top of the page's Paper.js sketch:

    // Paper.js demo state: which curve is currently drawn, whether the
    // animation is paused, and the list of curves the user can pick from
    var currentShape = "circle";
    var isPaused = true;
    var isInitialized = false;
    var buttons = [];        // one UI button per selectable shape
    var pauseButton;
    var shapes = ["circle", "tricuspoid", "tetracuspoid", "epicycloid", "epicycloid 2",
                  "epicycloid 3", "lissajous", "lemniscate", "butterfly"];
    var w = 800;             // drawing width used by the sketch

10,000 Top Passwords

Back when I wrote Perfect Passwords, I generated a list of the top 500 worst (aka most common) passwords which seems to have propagated quite a bit across the internet, including being mentioned on Gizmodo, Boing Boing, Symantec, Laughing Squid and many other sites. Since then I have collected a large number of new passwords bringing my current list to about 6,000,000 unique username/password combos, including many of those that have been recently made public*. At some point I will make this full data set publicly available but in the meantime, I have decided to release the following list of the top 10,000 most common passwords. This list is ranked by counting how many different usernames appear on my list with the same password. Note that for this list, I do not take capitalization into consideration when matching passwords so this list has been converted to all lowercase letters.

WP_Consumer_Password_Worst_Practices.pdf

Processing.js

Raphaël—JavaScript Library

HTML5 Boilerplate: The web's most popular front-end template

About normalize.css

Normalize.css is a small CSS file that provides better cross-browser consistency in the default styling of HTML elements. It’s a modern, HTML5-ready alternative to the traditional CSS reset.

What's My Pass? » The Top 500 Worst Passwords of All Time

From the moment people started using passwords, it didn’t take long to realize how many people picked the very same passwords over and over. Even the way people misspell words is consistent.

Whitepixel breaks 28.6 billion password/sec - Zorinaq

I am glad to announce, firstly, the release of whitepixel, an open source GPU-accelerated password hash auditing software for AMD/ATI graphics cards that qualifies as the world's fastest single-hash MD5 brute forcer; and secondly, that a Linux computer built with four dual-GPU AMD Radeon HD 5970 graphics cards for the purpose of running whitepixel is the first demonstration of eight AMD GPUs concurrently running this type of cryptographic workload on a single system. This software and hardware combination achieves a rate of 28.6 billion MD5 password hashes tested per second, consumes 1230 Watt at full load, and costs 2700 USD as of December 2010.

Www2007.pdf

Password Haystacks: How Well Hidden is Your Needle?

... and how well hidden is YOUR needle?

Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers and then symbols until the combination you chose is discovered. If every possible password is tried, sooner or later yours will be found. The question is: Will that be too soon . . . or enough later? This interactive brute force search space calculator allows you to experiment with password length and composition to develop an accurate and quantified sense for the safety of using passwords that can only be found through exhaustive search. (The Haystack Calculator has been viewed 2,587,584 times since its publication.)

Zxcvbn: realistic password strength estimation

Over the last few months, I’ve seen a password strength meter on almost every signup form I’ve encountered. Password strength meters are on fire. Here’s a question: does a meter actually help people secure their accounts? It’s less important than other areas of web security, a short sample of which include:

- Preventing online cracking with throttling or CAPTCHAs.
- Preventing offline cracking by selecting a suitably slow hash function with user-unique salts.
- Securing said password hashes.

With that disclaimer — yes.

These are only the really easy-to-guess passwords.