Category Archives: passwords

enigmabridge, passwords, security

Transaction Security with Slow Clock and Counter – How to Conjure Up Entropy

Leave a comment

I love cryptography. It’s an abstract science, where I can define a problem, come up with a solution and prove it (eventually). I also like applying cryptography as it involves real world (users, limitations of computers, …), which messes everything up and turns pure mathematics into a fun game. Continue reading Transaction Security with Slow Clock and Counter – How to Conjure Up Entropy

passwords, security

Password Attacks – A Small Server Experiment

Leave a comment

This short post looks at passwords attacks that were launched during 5 months’ period against a small web server of ours in 2013.

There are a lot of statistics about what is the most prolific passwords we use to login to our online accounts. What we were interested in was what passwords are being used to guess logons to online systems. We setup a WordPress website and started logging passwords tried against that website. Here are some results after about 5 months of monitoring and over 11,000 of logged attacks.

Continue reading Password Attacks – A Small Server Experiment

passwords

Why Storing Plaintext Passwords Is Bad

Leave a comment

No matter what bad news we hear about passwords – leaks, security breaches, compromised security – passwords provide a very good protection when used properly. The real weak link here is the user. If users could remember long and random passwords, the “problem of passwords” would be much, much smaller. The hype would disappear and the real issue – how internet companies store passwords – would become much move visible.

Continue reading Why Storing Plaintext Passwords Is Bad