Comments on Security Nirvana: Passwords^12

Steve (http://www.tobtu.com), 2012-01-12T01:04:35.893+01:00:
Here's a list of sites that don't hash their passwords: plaintextoffenders.com

Then there's the funny hashes like MySQL323 and battle.net's XSHA1.

securitynirvana (https://www.blogger.com/profile/11264687350187854173), 2012-01-11T18:10:57.899+01:00:
Thx Minga! :-)

Second thoughts, there are many more that I would like to have present at Passwords^12 of course:

We need Hernan Ochoa (@hernano) to talk about pass-the-hash and pass-the-ticket attacks on Windows platforms. We need - somebody? - to talk about "how to configure popular web software XYZ to utilize strong hashing algorithms, instead of lousy defaults".

If somebody could create a list of popular/mainstream software that currently DOES NOT support 1) long passwords (say len32+), 2) good hashing algorithms (no salting, pbkdf2 or whatever), I would really appreciate it. Essentially that would be a list of "not recommended if you want to avoid embarrassment, Anonymous, Lulz, leaks and complete pwning".

T. Alexander Lystad (http://thepasswordproject.com), 2012-01-11T15:13:53.890+01:00:
Exciting! Hopefully I'll be able to be there.

Anonymous, 2012-01-10T23:58:00.620+01:00:
The CrackMeIfYouCan team will be there.

-Minga