Caleb Cushing's Blog

Making Secure Recoverable Passwords ( part 3 )

If you haven’t read Part 1 please do so. Although the criticism of Part 2 should be taken with a grain of XKCD Salt, and even the primary plaintiff admitted that it would take him 2 months to crack the final salted sha512. Usually your attacker shouldn’t have your shadow file, and having stored them as anything less is just plain not secure. I will acknowledge it has some merit. Read more →

Making secure recoverable Passwords (Part 2)

This has been prompted by Dave Jacoby’s post on generating passwords and the fact that I’ve learned a new trick since my my first article in 2008; which you should read first (it’s a prereq). Some might point out that using a hex digest limits the characters that will be generated too much, do this then. echo -n “date” | sum | base64 So let’s say you have to change your password every month. Read more →

More Security = Better. Wrong!

So I just had a discussion on #ubuntu-server on freenode about why my not having a password to connect to postgresql via a socket (read local cli) is insecure. So I asked them, how exactly is it that someone is going to get this access? The answer “there are bad people on the Internet”. I’m sure many people right now are agreeing with them and thinking I’m crazy. Let’s discuss my setup though shall we. Read more →

Making secure recoverable passwords

Update: I would suggest using a password manager like LastPass, or a long passphrase before this method now. For the basic you need a calculator with a decimal to hex function. Your OS should have one built in (scientific mode), many calculator’s do to. For advanced you’ll need special hashing software, suggestions for it can be found below. Windows: HashCalc Macintosh MacHash Linux/(*nix) Gnu Coreutils Now that we have the software we need. Read more →