EH-Net

Recently, I've had several discussions (online and offline) about password security, password hashing algorithms, and what it is that we're trying to accomplish.  I ended up starting a blog so I had a place to publish everything.  The articles up so far are about password security, but I plan to publish more on other (mostly application) security issues.  I hope that what I've written will be of interests to the folks here.

So far, I've posted about why rainbow tables aren't as powerful as people think, how long passwords actually need to be to withstand an online or offline attack, and an analysis of what we're actually trying to accomplish with salting, stretching, delay timers, expiration etc.

The blog is here: http://bugcharmer.blogspot.com (http://bugcharmer.blogspot.com)

Feedback is welcome.

ok buddy congrats but i have a question when u can have a website for free with all features that other sites has, why u still write weblog?

functionality and security would be a prime reason I would.  I have a site and host that I pay yearly for.  The cost is minimal based on all the unlimited features I have.  I also can install a number of applications on the site ranging from Wordpress to Jabber chat.  Problem is that I could either let them install and have little to manage but also little to customize or manually install and have to worry about keeping the code clean and updating it regularly.  If you go with a blogspot or tumblr account, all you really have to worry about is the content.  Plus both of these services are free.

I've been considering taking most of my site down until I can make some time to update everything but I have a game forum that a handful of people use.  When I had more time, I enjoyed messing around with the website but now I just need something to work.

I don't have to do any maintenance or setup.  I can just write, check my stats once in a while, etc.

with www.zymic.com u can have a free web host with amazing features and u can register a .tk domain fo it (free) so creating a free and good website is not so hard man

missing the point Cyber.Spirit.  Eventually we just want a site to work and do what we need it to do without having to worry.  Hosting a full site when you just want to write a regular blog is overkill by today's standards.  Even with free sites, you still need to worry about maintenance, whether you do it or the host does it.  Most of my site is maintained by the host but there are pieces that fall to me to manage and can be exploited if I don't keep up on it.  If I just want to post to a regular blog, it is much easier to sign up for the free Blogspot account.  That way I can tweet my thoughts and concerns and reference the blog for more content that can't fit in the standard twitter post. 

Also one thing I find great about maintaining a blog is the writing practice.  As you go further in your Security career, you will find this becomes a must have skill.  It can eventually lead to possibly doing talks at the local Bsides event, SchmooCon or DerbyCon.

3xban,

running my own full sites is what lead me to speaking at Bsides Detroit, GrrCON and DerbyCon this year.

I'm also teaching a workshop to a local Security User group (MiSEC) in Aug.

You'd be surprised what doing something for personal learning, and brushing up on skills can lead to.

This is the second time I heard about that. Maybe something to consider

I'm working full-time and going back to school.  Even a small amount of extra time to maintain a full site would be a deal breaker for me.  Once I'm out of school, I might do that; especially if I need to release code, exploits, etc.

I work full time, I go to college (university) part time, I run a local lock sport group and involved in a few others. I have 2 sites (one server), a podcast, and an active member in 2 security groups. the time is there, you just have to learn to manage it.

Show off :D  Understandable though and I agree.  But again if time is limited then you pick your filler for the little spare time you have.  Mine is reverse engineering malware.  Once I have a bit more I may circle back to building out my site.

Mine is crypto.  I heart teh maths.

3xban im working on my new website with free host and domain man its not overkill blogs services has many disadvantages you just get a subdomain (example.blogspot.com) you cant design your blog freely you cant upload your files and create direct download links. users cant log in to your website and so on...

But with a free host and domain you can have all of above features and some another features too. if your problem is security you can run a pentest on your web application (you cant run pentest on the web server because its not legal.)

Then when you can have your own domain your own host your own web design and many of amazing features i think blog services are sucks..... im sure they have vulnerabilities also

CyberSpirit......

and i missed something blog services must be so thankful of us because people made blogspot famous (example) without those people blog services are useless im wondering even if they understand it they wont give people some good features   

Nerd :D  I don't mind math.  I was hanging at a Ruby meetup a few weeks back and they started doing situational calculus in the "Math Room" of my friend's office.  I am watching these guys go to town with an explanation of the math and then I realize, holy crap, I sort of understand this.  Then it dawned on me, oh that wonderful Intro to Logic class I took way back in college.  I felt briefly smart.  I think they were just doing it for kicks. 

That's actually not true. Blogspot and Wordpress both allow you to use your own domain name. There's also nothing stopping you having your own server to host your files and linking it through your blog.

I'm not sure what you mean about not being able to design your blog freely. Have you looked beyond the basic templates that Blogger and Wordpress provide? There's nothing stopping you from creating your own CSS and designing the look of the site.

Really so can i have a .com or .net or .org and .,.. For free ?

And can i design my website with my own template with online media streaming and direct download? (without any copyright info from blogspot?)
Man i can have all of this features and alot of another feature on my website for free.

If you already have a domain name, there's no charge to set it up with Blogspot. If you don't have one, you can buy one through them. http://support.google.com/blogger/bin/static.py?hl=en&ts=1233381&page=ts.cs

Again, nothing stopping you from designing your own template without mentioning Blogspot anywhere. Just an example:  http://btemplates.com/2012/blogger-template-musicplus/

Of course you can do everything yourself if you have plenty of time and want to manage everything on your own. The point is, many people just want to provide information online without having to worry about the hassle of maintaining a webserver. Same reason why most people use Gmail instead of setting up their own mail servers.

Here are some reasons why I'd use Blogspotr:

1. I don't want to pay for extra bandwidth.
2. If a power failure hits, I don't want my site to go down because it's hosted at home.
3. I don't have redundancy at home compared to the infrastructure Blogspot has setup.
4. I maintain enough servers as it is at work, and when I have free time, it's spent doing hacking and research, not debugging a webserver so people can read my posts.
5. I need to pay for a static IP.
6. If Blogspot goes down, I don't really care. I know some Blogspot employee is getting up at 3am to fix the problem.

The list goes on. It's all about using the right tool for the right job. Most people just don't care about maintaining a personal webserver when all they're going to be using it for, is a blog.

1- so u i think u can setup a free domain  for it.
2- for example can i upload my own web pages i dont want to use blog templates and can i have put direct download in my site?
3- man man man ofcourse u cant run a webserver in ur home its not good idea but u can use a host with a good performance and huge space and many great features. And atleast u wil have a website not a blog u can manage everything

@cyber.spirit: A blog is specific to one thing: posting information for people to read. That's it. If you plan on doing something else with your online presence, like merchandising, or setting up an enterprise front, then yeah, a blog isn't the way to go.

@unicityd: Informative blog, looking forward to future posts.

yes man i agree with that its true all of that im trying to say is u can have a website with good features for free u can put ur articles there like blog u can upload ur files u can have ur own design and so on for FREE
So im doing exactly same with a blog author i write my articles and put it in my website i have news and some other sections there . Having and managing a free website is so easy man u dont need to pay more attention to it or do any INCERDIBLE thing!! Like a blog u sign up for host and domain for free and then u design ur website u can for a pre built template for it or design it by urself (like what i did) then u can upload ur files via ftp thats all man. And its easy for everyone for me and u and other blog authors u dont need to be a super man to do that!!