Easy way to password-protect php page

Not exactly the most robust password protection here, so please don’t use this to protect credit card numbers or something very important. Simply drop all of the following code into a file called (secure.php), change the user and pass from “admin” to whatever you want. Then right under those lines where it says include(“secure.html”), simply … Read more

Reading a password from std::cin

@wrang-wrang's answer was really good, but did not fulfill my needs. This is what my final code (which was based on this) looks like:

    #ifdef WIN32
    #include <windows.h>
    #else
    #include <termios.h>
    #include <unistd.h>
    #endif

    void SetStdinEcho(bool enable = true)
    {
    #ifdef WIN32
        HANDLE hStdin = GetStdHandle(STD_INPUT_HANDLE);
        DWORD mode;
        GetConsoleMode(hStdin, &mode);
        if( !enable ) mode &= …

Read more

How to send password securely via HTTP using Javascript in absence of HTTPS?

There is no way to send a password securely that the user can verify without SSL. Sure, you can write some JavaScript that will make a password secure for over-the-wire transmission through hashing or public-key-encryption. But how can the user be sure that the JavaScript itself has not been tampered with by a man-in-the-middle before … Read more

In Java, is there still a point in using char[] instead of String to store passwords?

First, let’s recall the reason for the recommendation to use char[] instead of String: Strings are immutable, so once the string is created, there is limited control over the contents of the string until (potentially well after) the memory is garbage collected. An attacker that can dump the process memory can thus potentially read the … Read more

What are Salt Rounds and how are Salts stored in Bcrypt?

With “salt round” they actually mean the cost factor. The cost factor controls how much time is needed to calculate a single BCrypt hash. The higher the cost factor, the more hashing rounds are done. Increasing the cost factor by 1 doubles the necessary time. The more time is necessary, the more difficult is brute-forcing. … Read more

Non-random salt for password hashes

Salt is traditionally stored as a prefix to the hashed password. This already makes it known to any attacker with access to the password hash. Using the username as salt or not does not affect that knowledge and, therefore, it would have no effect on single-system security. However, using the username or any other user-controlled … Read more
