What is the best practice for dealing with passwords in git repositories?

The typical way to do this is to read the password info from a configuration file. If your configuration file is called foobar.config, then you would commit a file called foobar.config.example to the repository, containing sample data. To run your program, you would create a local (not tracked) file called foobar.config with your real password …

Password hint font in Android

Changing the typeface in XML didn’t work on the hint text for me either. I found two different solutions, the second of which has better behavior for me: 1) Remove android:inputType="textPassword" from your XML file and instead set it in Java:
EditText password = (EditText) findViewById(R.id.password_text);
password.setTransformationMethod(new PasswordTransformationMethod());
With this approach, the hint font …

Setting the MySQL root user password on OS X

Try the command FLUSH PRIVILEGES when you log into the MySQL terminal. If that doesn’t work, try the following set of commands while in the MySQL terminal:
mysql -u root
mysql> USE mysql;
mysql> UPDATE user SET password=PASSWORD("NEWPASSWORD") WHERE User="root";
mysql> FLUSH PRIVILEGES;
mysql> quit
Change out NEWPASSWORD with whatever password you want. Should be …

Your password does not satisfy the current policy requirements

Because of your password. You can see password validate configuration metrics using the following query in MySQL client:
SHOW VARIABLES LIKE 'validate_password%';
The output should be something like that:
+--------------------------------------+-------+
| Variable_name                        | Value |
+--------------------------------------+-------+
| validate_password.check_user_name    | ON    |
| validate_password.dictionary_file    |       |
| validate_password.length             | 6     |
| validate_password.mixed_case_count   | 1 …

How to bind to a PasswordBox in MVVM

Maybe I am missing something, but it seems like most of these solutions overcomplicate things and do away with secure practices. This method does not violate the MVVM pattern and maintains complete security. Yes, technically it is code behind, but it is nothing more than a “special case” binding. The ViewModel still has no knowledge …

What data type to use for hashed password field and what length?

Update: Simply using a hash function is not strong enough for storing passwords. You should read the answer from Gilles on this thread for a more detailed explanation. For passwords, use a key-strengthening hash algorithm like Bcrypt or Argon2i. For example, in PHP, use the password_hash() function, which uses Bcrypt by default.
$hash = password_hash("rasmuslerdorf", …

Is “double hashing” a password less secure than just hashing it once?

Hashing a password once is insecure. No, multiple hashes are not less secure; they are an essential part of secure password use. Iterating the hash increases the time it takes for an attacker to try each password in their list of candidates. You can easily increase the time it takes to attack a password from …

Getting a hidden password input

Use getpass.getpass():
from getpass import getpass
password = getpass()
An optional prompt can be passed as parameter; the default is "Password: ". Note that this function requires a proper terminal, so it can turn off echoing of typed characters – see “GetPassWarning: Can not control echo on the terminal” when running from IDLE for further …

Cannot import the keyfile ‘blah.pfx’ – error ‘The keyfile may be password protected’

I was running into this problem as well. I was able to resolve the issue by running sn -i <KeyFile> <ContainerName> (installs key pair into a named container). sn is usually installed as part of a Windows SDK. For example C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\sn.exe. Most likely this location is not on the search …

Java 256-bit AES Password-Based Encryption

Share the password (a char[]) and salt (a byte[]—8 bytes selected by a SecureRandom makes a good salt—which doesn’t need to be kept secret) with the recipient out-of-band. Then to derive a good key from this information:
/* Derive the key, given password and salt. */
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
KeySpec spec = new PBEKeySpec(password, …