Password Security (and my new blog)

<<

unicityd

Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Mon Jun 25, 2012 12:06 am

Password Security (and my new blog)

Recently, I've had several discussions (online and offline) about password security, password hashing algorithms, and what it is that we're trying to accomplish.  I ended up starting a blog so I had a place to publish everything.  The articles up so far are about password security, but I plan to publish more on other (mostly application) security issues.  I hope that what I've written will be of interest to the folks here.

So far, I've posted about why rainbow tables aren't as powerful as people think, how long passwords actually need to be to withstand an online or offline attack, and an analysis of what we're actually trying to accomplish with salting, stretching, delay timers, expiration etc.

The blog is here: http://bugcharmer.blogspot.com

Feedback is welcome.
BS in IT, CISSP, MS in IS Management (in progress)
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Sat Jun 30, 2012 3:25 am

Re: Password Security (and my new blog)

ok buddy congrats but i have a question when u can have a website for free with all features that other sites has, why u still write weblog?
ICS Academy Network Security Certified
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Sat Jun 30, 2012 7:18 am

Re: Password Security (and my new blog)

functionality and security would be a prime reason I would.  I have a site and host that I pay yearly for.  The cost is minimal based on all the unlimited features I have.  I also can install a number of applications on the site ranging from Wordpress to Jabber chat.  Problem is that I could either let them install and have little to manage but also little to customize or manually install and have to worry about keeping the code clean and updating it regularly.  If you go with a blogspot or tumblr account, all you really have to worry about is the content.  Plus both of these services are free.

I've been considering taking most of my site down until I can make some time to update everything but I have a game forum that a handful of people use.  When I had more time, I enjoyed messing around with the website but now I just need something to work.
Certs: GCWN
(@)Dewser
<<

unicityd

Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Sat Jun 30, 2012 12:33 pm

Re: Password Security (and my new blog)

cyber.spirit wrote:ok buddy congrats but i have a question when u can have a website for free with all features that other sites has, why u still write weblog?


I don't have to do any maintenance or setup.  I can just write, check my stats once in a while, etc.
BS in IT, CISSP, MS in IS Management (in progress)
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Sat Jun 30, 2012 5:29 pm

Re: Password Security (and my new blog)

with www.zymic.com u can have a free web host with amazing features and u can register a .tk domain for it (free) so creating a free and good website is not so hard man
ICS Academy Network Security Certified
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Jul 03, 2012 12:25 pm

Re: Password Security (and my new blog)

missing the point Cyber.Spirit.  Eventually we just want a site to work and do what we need it to do without having to worry.  Hosting a full site when you just want to write a regular blog is overkill by today's standards.  Even with free sites, you still need to worry about maintenance, whether you do it or the host does it.  Most of my site is maintained by the host but there are pieces that fall to me to manage and can be exploited if I don't keep up on it.  If I just want to post to a regular blog, it is much easier to sign up for the free Blogspot account.  That way I can tweet my thoughts and concerns and reference the blog for more content that can't fit in the standard twitter post. 

Also one thing I find great about maintaining a blog is the writing practice.  As you go further in your Security career, you will find this becomes a must-have skill.  It can eventually lead to possibly doing talks at the local Bsides event, ShmooCon or DerbyCon.
Certs: GCWN
(@)Dewser
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Jul 03, 2012 2:42 pm

Re: Password Security (and my new blog)

3xban,

running my own full sites is what led me to speaking at Bsides Detroit, GrrCON and DerbyCon this year.

I'm also teaching a workshop to a local Security User group (MiSEC) in Aug.

You'd be surprised what doing something for personal learning, and brushing up on skills can lead to.
OSWP, Sec+
<<

impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Tue Jul 03, 2012 3:24 pm

Re: Password Security (and my new blog)

chrisj wrote:3xban,

running my own full sites is what led me to speaking at Bsides Detroit, GrrCON and DerbyCon this year.

I'm also teaching a workshop to a local Security User group (MiSEC) in Aug.

You'd be surprised what doing something for personal learning, and brushing up on skills can lead to.


This is the second time I heard about that. Maybe something to consider.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

unicityd

Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Tue Jul 03, 2012 5:17 pm

Re: Password Security (and my new blog)

chrisj wrote:3xban,

running my own full sites is what led me to speaking at Bsides Detroit, GrrCON and DerbyCon this year.

I'm also teaching a workshop to a local Security User group (MiSEC) in Aug.

You'd be surprised what doing something for personal learning, and brushing up on skills can lead to.


I'm working full-time and going back to school.  Even a small amount of extra time to maintain a full site would be a deal breaker for me.  Once I'm out of school, I might do that; especially if I need to release code, exploits, etc.
BS in IT, CISSP, MS in IS Management (in progress)
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Jul 03, 2012 6:54 pm

Re: Password Security (and my new blog)

unicityd wrote:I'm working full-time and going back to school.  Even a small amount of extra time to maintain a full site would be a deal breaker for me.  Once I'm out of school, I might do that; especially if I need to release code, exploits, etc.


I work full time, I go to college (university) part time, I run a local lock sport group and am involved in a few others. I have 2 sites (one server), a podcast, and am an active member in 2 security groups. The time is there, you just have to learn to manage it.
OSWP, Sec+
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Jul 03, 2012 8:37 pm

Re: Password Security (and my new blog)

Show off :D  Understandable though and I agree.  But again if time is limited then you pick your filler for the little spare time you have.  Mine is reverse engineering malware.  Once I have a bit more I may circle back to building out my site.
Certs: GCWN
(@)Dewser
<<

unicityd

Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Wed Jul 04, 2012 3:32 am

Re: Password Security (and my new blog)

3xban wrote:But again if time is limited then you pick your filler for the little spare time you have.  Mine is reverse engineering malware. 


Mine is crypto.  I heart teh maths.
BS in IT, CISSP, MS in IS Management (in progress)
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Wed Jul 04, 2012 3:55 am

Re: Password Security (and my new blog)

3xban wrote:missing the point Cyber.Spirit.  Eventually we just want a site to work and do what we need it to do without having to worry.  Hosting a full site when you just want to write a regular blog is overkill by today's standards.  Even with free sites, you still need to worry about maintenance, whether you do it or the host does it.  Most of my site is maintained by the host but there are pieces that fall to me to manage and can be exploited if I don't keep up on it.  If I just want to post to a regular blog, it is much easier to sign up for the free Blogspot account.  That way I can tweet my thoughts and concerns and reference the blog for more content that can't fit in the standard twitter post. 

Also one thing I find great about maintaining a blog is the writing practice.  As you go further in your Security career, you will find this becomes a must-have skill.  It can eventually lead to possibly doing talks at the local Bsides event, ShmooCon or DerbyCon.


3xban I'm working on my new website with a free host and domain, man. It's not overkill. Blog services have many disadvantages: you just get a subdomain (example.blogspot.com), you can't design your blog freely, you can't upload your files and create direct download links, users can't log in to your website, and so on...

But with a free host and domain you can have all of the above features and some other features too. If your problem is security you can run a pentest on your web application (you can't run a pentest on the web server because it's not legal.)

Then when you can have your own domain, your own host, your own web design and many amazing features, I think blog services suck..... I'm sure they have vulnerabilities also

CyberSpirit......
ICS Academy Network Security Certified
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Wed Jul 04, 2012 9:59 am

Re: Password Security (and my new blog)

and i missed something blog services must be so thankful of us because people made blogspot famous (example) without those people blog services are useless im wondering even if they understand it they wont give people some good features 
ICS Academy Network Security Certified
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Thu Jul 05, 2012 10:59 pm

Re: Password Security (and my new blog)

unicityd wrote:
3xban wrote:But again if time is limited then you pick your filler for the little spare time you have.  Mine is reverse engineering malware. 


Mine is crypto.  I heart teh maths.


Nerd :D  I don't mind math.  I was hanging at a Ruby meetup a few weeks back and they started doing situational calculus in the "Math Room" of my friend's office.  I am watching these guys go to town with an explanation of the math and then I realize, holy crap, I sort of understand this.  Then it dawned on me, oh that wonderful Intro to Logic class I took way back in college.  I felt briefly smart.  I think they were just doing it for kicks. 
Certs: GCWN
(@)Dewser