
Secure Salted Password Hashing - How to do it Properly

If you're a web developer, you've probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached. The best way to protect passwords is to employ salted password hashing. This page will explain why it's done the way it is.

There are a lot of conflicting ideas and misconceptions on how to do password hashing properly, probably due to the abundance of misinformation on the web.

IMPORTANT WARNING: If you are thinking of writing your own password hashing code, please don't! If for some reason you missed that big red warning note, please go read it now.

You may use the following links to jump to the different sections of this page:
What is password hashing? (Hash algorithms are one-way functions. The user creates an account.)
How Hashes are Cracked
Adding Salt
Salt Reuse
Short Salt

https://crackstation.net/hashing-security.htm


Introducing smartcrop.js / 29a.ch
Image cropping is a common task in many web applications. Usually just cutting out the center of the image works out ok. It's often a compromise and sometimes it fails miserably. (Evelyn by AehoHikaruki.) Can we do better than that?

Retrofit Introduction
Retrofit turns your REST API into a Java interface.

    public interface GitHubService {
        @GET("/users/{user}/repos")
        List<Repo> listRepos(@Path("user") String user);
    }

Brute Force Attacks
Unlike hacks that focus on vulnerabilities in software, a Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. Often deemed 'inelegant', they can be very successful when people use passwords like '123456' and usernames like 'admin.' They are, in short, an attack on the weakest link in any website's security: You.

Inviting Hackers into Your Automated Home
I was at the Web Directions South conference the other day and you know what really struck me? There is a lot of very cool, very connected stuff either here now or coming very soon. Hackable stuff!

PSR-2 — Coding Style Guide
This guide extends and expands on PSR-1, the basic coding standard. The intent of this guide is to reduce cognitive friction when scanning code from different authors. It does so by enumerating a shared set of rules and expectations about how to format PHP code. The style rules herein are derived from commonalities among the various member projects.

Introducing JDBCMetrics
22 May 2013
I've been working with different Java web applications since the late 90's and when there have been performance issues, I would say that 99% of the time, the problem is the database, or rather how it is used. At my last company (Josh) we had a really good connection pool wrapper that collected data and let us know exactly what happens to the database. But that code isn't Open Source; there are other solutions out there like JDBCSpy and Log4JDBC that help you get info. What I'm lacking is getting info on a per-page basis and a better way of collecting the data. That's why I teamed up with Magnus Lundberg & created JDBCMetrics.

Bluejacking
This Siemens M75 is Bluejacking the Sony Ericsson K600i pictured below. This Sony Ericsson K600i is getting Bluejacked by the Siemens M75 pictured above. The text at the bottom of the screen reads "Add to contacts?" in Norwegian.

Understanding the Risk of Mixed Content Warnings
Ever see one of these? Or these? Or maybe this one? It means something is wrong with the website – very wrong – yet somehow we seem to keep building websites that do this. The problem, as you'll see in the video below, is that it jeopardises the security of traffic going backwards and forwards over what otherwise appears to be a secure site, at least in terms of implementing SSL.

Building Up Perlin Noise
Let's start with the interpolant. The original Perlin noise algorithm used a cubic Hermite spline of the form s(t) = 3t² − 2t³. This particular function is also sometimes known as smoothstep. It describes an s-shape, ramping smoothly up from 0 to 1 over the range of 0 to 1. It's also symmetrical around the center of this square; that is, s(t) = 1 − s(1 − t).
