Manual password encryption [closed] - security

Closed. This question is off-topic. It is not currently accepting answers.
Closed 13 years ago.
There are several ways to secure passwords with an automated encryption algorithm, but sometimes it's best to write it down on paper and keep the paper itself secured. Hackers can't easily get to paper. However, if someone finds that paper, they can see the passwords plainly.
What's a non-automated method of securing information on a piece of paper? For example, have the real password be in every other character (e.g. p1a2s3s4w5o6r7d8 = password).

Take a character sequence from a book you have lying beside your computer. You can take the sequence in any number of ways: First/second/etc. letter of each word in a chapter you decide, for example.

Have a look here for some history and ideas about steganography ;) Your example is a simple working one, you can even use an invisible ink or write it backwards with only every 5th character relevant etc., it is up to your imagination :)

What you're suggesting is a simple cypher. I'm not sure why you'd want to implement something like that vs. using a password manager like KeePass but you can use a simple substitution cypher where A=Z, Z=A etc. if you need to write it down.
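
The schemes mentioned in the question and answers above (a real character at every Nth position, and the A=Z substitution) written out as code. This is an added example, not part of any of the posts; the function names and the decoy alphabet are assumptions made for illustration.

```python
import secrets
import string

# Assumed decoy alphabet; the question's own example uses the digits 1-8.
DECOYS = string.ascii_lowercase + string.digits


def hide(secret, stride=2):
    """Follow each real character with stride-1 random decoy characters."""
    if stride < 1:
        raise ValueError("stride must be at least 1")
    out = []
    for ch in secret:
        out.append(ch)
        out.extend(secrets.choice(DECOYS) for _ in range(stride - 1))
    return "".join(out)


def reveal(written, stride=2):
    """Keep every stride-th character, starting with the first."""
    if stride < 1:
        raise ValueError("stride must be at least 1")
    return written[::stride]


def atbash(text):
    """Substitute A<->Z, B<->Y, ...; other characters pass through unchanged."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr(ord("a") + ord("z") - ord(ch)))
        elif ch in string.ascii_uppercase:
            out.append(chr(ord("A") + ord("Z") - ord(ch)))
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    print(reveal("p1a2s3s4w5o6r7d8"))        # the question's example
    written = hide(atbash("password"), stride=5)
    print(written, "->", atbash(reveal(written, stride=5)))
```

The two steps compose: the substitution is its own inverse, so reading the paper back means keeping every Nth character and applying the same substitution again.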

Related

Are there any builtin features of Go (the go compiler more likely) that address making your binary more tamper resistant? [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 2 years ago.
I have a program that prompts for a PIN before performing particular actions. The PIN is stored, encrypted, in a local config file alongside the executable binary. User enters PIN, program decrypts and compares to the stored value, if they are equal, ok, if not etc.
I'm aware this kind of security check could potentially be circumvented with forensic tools that alter the binary, in effect, changing the '==' to '!=' in the right place to make all the wrong PINs pass the test in my example.
This may be a stupid question, as I know from the first 2 minutes of googling it's a big and challenging topic, but I still thought I should start with checking on features of the language/compiler I'm actually using first. So, are there any features natively available with Go to make this kind of attack harder to successfully perform?
No, there is nothing remotely like this in the official Go compiler or standard library.

How secure is AES-128? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
It seems there are legal issues associated with AES-256 (it is disabled in Java, and Oracle tells me in their UnlimitedJCE Policy that I am "advised to consult" my "export/import control counsel or attorney to determine the exact requirements" before turning it back on and the page on Wikipedia does not look very friendly either).
It also seems that AES-128 is "fine" (at least the people responsible for putting together the JDK have come to that conclusion).
So can I just use AES-128 and feel happy with my encryption? Is it still safe enough to protect the data for a couple of more years from all but the most resourceful attackers?
Check this very simple website: http://www.keylength.com.
There you can find the various recommendations made by academic and private organizations across the world. They don't all say the same thing, but they are all in the same ballpark.
For instance, NIST claims that AES-128 is fine at the very least up to 2030.

Math captcha using ASCII, is it safe? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I had to put a captcha on my form. In favor of user-friendliness and internationalization I went with a simple math question.
Since that's almost too simple for bots to crack, I decided to put the entire question in ASCII. Is this relatively safe or can it still be easily bypassed by most bots?
I have: &#87;&#104;&#97;&#116; &#105;... and it will output "What is 4 + 1?"
Generate an image of the math question instead. And probably apply some simple transformations if you need more security.
The HTML escape is easy to bypass as it is a computer readable format. For a bot detection scheme to be successful the task must be easy for a computer to generate, easy for a human to solve, and difficult for a computer to solve.
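
Why the entity-encoded question adds no protection, shown as an added example that is not part of the posts above: numeric character references are decoded by any HTML-aware client with a single standard-library call, after which the question is ordinary text. The sample string is constructed here from the question's own "What is 4 + 1?"; the function names are assumptions.

```python
import html
import operator
import re

OPS = {"+": operator.add, "-": operator.sub, "*": operator.mul}


def encode_entities(text):
    """Encode every character as a decimal numeric character reference."""
    return "".join(f"&#{ord(ch)};" for ch in text)


def read_question(markup):
    """Decode the references and evaluate the arithmetic they spell out.

    Returns (decoded_text, answer); answer is None when no simple
    'a op b' expression is present.
    """
    text = html.unescape(markup)
    match = re.search(r"(\d+)\s*([+\-*])\s*(\d+)", text)
    if match is None:
        return text, None
    a, op, b = int(match.group(1)), match.group(2), int(match.group(3))
    return text, OPS[op](a, b)


# Constructed sample: the question's text, encoded the way the form emits it.
SAMPLE = encode_entities("What is 4 + 1?")

if __name__ == "__main__":
    print(SAMPLE[:24] + "...")
    print(read_question(SAMPLE))
```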

Reason for not requiring numbers in a username [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 2 years ago.
I've come across a system that requires you to include a number in your username. I feel this is pointless, as the username should be easy to remember, and not be subject to requirements that may be applied to passwords.
However I can't find a good write up of the reasons for this. Can anyone reference a good source for this, and/or explain it in better words than I can?
Edit: I'm getting answers explaining why they do this, which are certainly of value, but there must be a write up somewhere of how to make a secure login system, that advocates a simple, easy to remember username.
Having no clue about the specific system mentioned, if one can call support and say something like "My username is John and I forgot my password" - adding a number may add just a bit of security.
Also, if the system is not protected against brute-force attacks, one can try common usernames together with common passwords.
I agree with Xavjer: the reason for this is most likely not security-related.
I agree with you: If the requirement is security-related - the security scheme is probably wrong.
Edit:
Another idea - Maybe they want to force you to use a username which is different than the one you use on other sites. Since many users tend to select the same username and password for different sites, and in case the password is compromised on one of these sites - this may help (but again, just a bit).
I would say it could be because if you force a number in a username, you will most likely never receive a duplicate name problem. There won't be someone having for example the name 'peter' and then there is a 'peter95' and a 'peter112'. No one will have the original one.
This is just what I think is the most reasonable answer.

How do you come up with a good name for a website or software you are building? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
How do I come up with a good name for a website or software I am developing? Are there references for naming websites or software?
Think of a rude word to use as an acronym, and then fit in the words to make that acronym fit.
SHAFTED was the code name of one internal project I was working on
Shipment
Help
And
Full
Tracking of
Export
Documentation
OTIS was the clean version I used around managers (Order Tracking Information System)
I let my creativity flow and write up 5-10 names.
Then I google them. If one of them is not in use, I take it. :)
I want the names to be unique ;)
Personally? I don't, they're all horrible. But after a couple days of working on the project it's just a group of letters that means "work left to do," regardless of what I called it. :)
Here is an idea from Paul Graham's Why Smart People Have Bad Ideas essay,
[4] I wrote a program to generate all the combinations of "Web" plus a three letter word. I learned from this that most three letter words are bad: Webpig, Webdog, Webfat, Webzit, Webfug. But one of them was Webvia; I swapped them to make Viaweb.
