Good article on password security

18 Jan

Read this article by Alec on Password Security. A nice discussion of that age-old feature and problem.

The following code snippet takes me back a few years, to when Alec demonstrated to me how ill-managed a typical large user/pass data set could be.

perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$c)=getpwent' < /usr/dict/words

Thanks Alec!

Nulls and Certs

31 Jul

The SSL cert issuing and validation processes look clean individually, but this null character thingy spoils the party. Read more here. Good that Mozilla 3.5 is not vulnerable. Also, certain browsers restrict the validity of wildcard certs to a single level of indirection. Those browsers handle this case better.
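
An added example, not code from the original post or from any browser: a length-aware hostname check next to a naive one, assuming the issue meant above is a NUL byte inside a certificate name being read as a C string terminator. The function names and the sample name are constructed for illustration; the strict version also limits a wildcard to a single label.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: certificate name bytes with an embedded NUL. */
static const char SAMPLE_NUL_NAME[] = "www.example.com\0.other.example";
#define SAMPLE_NUL_LEN (sizeof(SAMPLE_NUL_NAME) - 1)

/* Naive: treats the name as a C string, so comparison stops at the first NUL. */
int naive_match(const char *name, size_t len, const char *host)
{
    (void)len;  /* the length recorded in the certificate is ignored */
    return strcasecmp(name, host) == 0;
}

/* Length-aware (hypothetical helper): refuses embedded NULs and lets "*."
 * replace exactly one leftmost label. Returns 1 on match, 0 otherwise. */
int strict_match(const char *name, size_t len, const char *host)
{
    size_t host_len = strlen(host);

    if (memchr(name, '\0', len) != NULL)
        return 0;  /* NUL inside the name: reject outright */
    if (len >= 2 && name[0] == '*' && name[1] == '.') {
        const char *dot = strchr(host, '.');
        if (dot == NULL || dot == host)
            return 0;  /* host needs a non-empty first label */
        /* Everything from the host's first dot onward must equal the
         * name after '*', so only one label is ever substituted. */
        size_t rest = host_len - (size_t)(dot - host);
        return rest == len - 1 && strncasecmp(name + 1, dot, rest) == 0;
    }
    return len == host_len && strncasecmp(name, host, len) == 0;
}

int main(void)
{
    const char *host = "www.example.com";
    printf("naive  accepts NUL name: %d\n",
           naive_match(SAMPLE_NUL_NAME, SAMPLE_NUL_LEN, host));
    printf("strict accepts NUL name: %d\n",
           strict_match(SAMPLE_NUL_NAME, SAMPLE_NUL_LEN, host));
    printf("strict *.example.com vs a.b.example.com: %d\n",
           strict_match("*.example.com", 13, "a.b.example.com"));
    return 0;
}
```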