password-protection

问题 I am storing user logon encrypted passwords in a database (SQL Server). Because of an API restriction, the passwords need to be encrypted on the C# end of things, so I can't use the database's built-in encryption. what is the fastest/easiest way to encrypt these passwords so I can compare them to what the user would have typed in to a third-party service later? I am new to C# and I understand that passwords should never be in plain text so that's why I want to make sure I have the highest

问题 Hi I have wonder how windows performs integrity check on the registry values before its going to read it. While i am changing the cached domain credentials in the windows registry, I got those values from the following keys HKEY_LOCAL_MACHINE\SECURITY\CACHE\NL$1 ... NL$10. I have decoded it with the NL$KM key values and dumped the Stored password hash. And i wish to change the hash with my own new generated hash. But Windows its bit tricky they have added a final checksum validation for

问题 I'm trying to convert this function into PHP but somehow it does not give same results. public static string EncodePassword(string pass, string salt) { byte[] bytes = Encoding.Unicode.GetBytes(pass); byte[] src = Convert.FromBase64String(salt); byte[] dst = new byte[src.Length + bytes.Length]; byte[] inArray = null; Buffer.BlockCopy(src, 0, dst, 0, src.Length); Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length); HashAlgorithm algorithm = HashAlgorithm.Create("SHA1"); inArray =

问题 The challenge I need a password management tool that will be invoked by other processes (scripts of all sort: python, php, perl, etc) and it will be able to identify and verify the caller script in order to perform access control: either return a password back or exit -1 The current implementation After looking into various frameworks, I have decided to use python 's keepassdb which is able to handle Keepass V1.X backend database files and build my own access control overlay (since this can

问题 I'm trying to do a function to hash passwords with this php function: http://be.php.net/manual/en/function.hash-pbkdf2.php. Here is the code: $hash_algo = "sha256"; $password = "password"; $salt = "salt"; $iterations = 1; $length = 1; $raw_output = false; $hash = hash_pbkdf2($hash_algo, $password, $salt, $iterations ,$length ,$raw_output); echo $hash; I got this error: Fatal error: Call to undefined function hash_pbkdf2(). How can the function be undefined??? PS: All the values of my

问题 This question already has answers here : Closed 8 years ago . Possible Duplicate: Storing a password I am using shared preference to store password. Is it is secure to save the password data as it is, or i have to encrypt it before saving it. Please help me with sample code. Thanks in Advance, 回答1: You should never save a password directly, instead save a hash of the password. 回答2: Short answer: it's pretty secure. Long answer: first off, if you are creating an application that allows a user

问题 Is it possible to disable completely the secure storage password of Eclipse? I am running Eclipse Helios on Windows 7. 回答1: To disable the master password prompt you have to specifiy a file containing the password with -eclipse.password , see Eclipse SDK Help and Bug 241223. The complete procedure is as follows (this is on Linux, on Windows it should work as well if you change the paths): Exit Eclipse Delete the directory ~/.eclipse/org.eclipse.equinox.security Create a text file containing

问题 I'm writing a simple PHP script to access the Foursquare API. The PHP will always access the same Foursquare account. For the time being, I have this login information hardcoded in my script. What is the best way to secure this information? If I follow the advice from this thread, I should just place the login information in a config file outside the website's root directory: How to secure database passwords in PHP? Is this the best advice? Or is there a better way to secure the login

问题 I started reading Google Chrome's documentation, and liked it's approach of using HTML and Javascript to create extensions. Reading this tutorial about Local Storage made me think about a lot of different uses. I want to develop an extension to help me with corporate systems. It's very specific, and it's only going to be used inside a company. This extension would do some activities to this corporate system, using javascript DOM, with just one click on Google's Chrome toolbar. To work with

问题 In a RESTful API that uses S3-style authentication, the API client signs the request with his secret key using HMAC-SHA1, so the secret key is never transmitted over the wire. The server then authenticates the client by using that client's secret key to repeat the signature process itself and compare the result to the signature transmitted by the client. This is all nice and good but it means the the server requires access to the plaintext of the client's shared secret. That flies in the face