-
I've stumbled upon a case where long strings (over 72 bytes long) would always return true in matching even if the last characters where different...
Digging deeper i discovered that indeed bcrypt ha…
-
```
Please support bcrypt in com.google.common.hash.Hashing
http://en.wikipedia.org/wiki/Bcrypt
"A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres
(USENIX, 1999)
http://www.ope…
-
To use the new ES6 features on the server side I see that we need to have the ecmascript package installed. This was one of the packages removed during the installation of angular-meteor and when I re…
-
The password hashing library used here is very insecure, and would likely fall very quickly to brute force attacks. It defaults to a single iteration, and uses and outdated sha1-hmac hashing algorithm…
-
```
Please support bcrypt in com.google.common.hash.Hashing
http://en.wikipedia.org/wiki/Bcrypt
"A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres
(USENIX, 1999)
http://www.ope…
-
The Ars Technica article
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/2/
said that they quickly bruteforced all passwords of 6 or less, plus the all-up…
-
```
Once issue 830 is fixed, I intend to use Guavas Hashing API for creating
password hashes. At the moment, the code would look something like this:
public static String encodePassword(String passw…
-
```
Once issue 830 is fixed, I intend to use Guavas Hashing API for creating
password hashes. At the moment, the code would look something like this:
public static String encodePassword(String passw…
-
```
Once issue 830 is fixed, I intend to use Guavas Hashing API for creating
password hashes. At the moment, the code would look something like this:
public static String encodePassword(String passw…
-
Reading http://www.codeigniter.com/userguide3/general/security.html#password-handling I noticed there is a recommendation:
> DO NOT put artificial limits on your users’ passwords.
>
> There’s no poi…