Archive for March, 2009

Cracking a Software License Scheme

In his latest blog post, Andy Sloane issued a challenge to create a key-generator for his bespoke software licensing scheme.
Looking through his code, I quickly found that he was using RSA, and that valid keys decrypted to 12345678 under a hardcoded RSA public key.
In my response on the Reddit discussion, I explained creating a keygen [...]

Are You a Brute-Force Enabler?

Jimmy Ruska has taken the time to combine data from 3 compromised-password lists, and the results are pretty interesting.
If an attacker can try just a single password against every user on your web application, he’ll compromise about 1% of them. Even with a fairly stringent 3-attempt lockout policy, about 2-3% of your users will be [...]

Haddock: Generate Memorable Passwords in Ruby

Newly released RubyGem Haddock offers to generate easy-to-remember passwords, but how secure are they?
Haddock-generated passwords are of the form {word}{number}{symbol}{word}, and are generated to be at most as long as a user-specified length. So, for example, an 8-character Haddock password might be “amy7@rax”.
For a relatively low-security password, like you might use for your Twitter account, this is [...]