<?xml version="1.0" encoding="UTF-8"?>
 <rdf:RDF xmlns="http://purl.org/rss/1.0/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://web.resource.org/cc/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://pinboard.in">
    <title>Pinboard (Aetles)</title>
    <link>https://pinboard.in/u:Aetles/public/</link>
    <description>recent bookmarks from Aetles</description>
    <items>
      <rdf:Seq>	<rdf:li rdf:resource="https://github.com/jhaals/yopass"/>
	<rdf:li rdf:resource="https://www.fastcompany.com/90234724/when-passwords-get-stolen-this-australian-guy-alerts-the-world"/>
	<rdf:li rdf:resource="https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords"/>
	<rdf:li rdf:resource="http://www.speirs.org/blog/2017/4/12/theft-and-loss-recovery-for-ios-users"/>
	<rdf:li rdf:resource="https://www.grc.com/haystack.htm"/>
	<rdf:li rdf:resource="http://www.maintain.se/blog/setting-up-firmware-password-protection-in-os-x/"/>
	<rdf:li rdf:resource="http://raidersec.blogspot.de/2013/06/how-browsers-store-your-passwords-and.html"/>
	<rdf:li rdf:resource="http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/"/>
	<rdf:li rdf:resource="http://arxiv.org/abs/1304.6584"/>
	<rdf:li rdf:resource="http://blog.agilebits.com/2013/04/16/1password-hashcat-strong-master-passwords/"/>
	<rdf:li rdf:resource="http://ejohn.org/blog/keeping-passwords-in-source-control/"/>
	<rdf:li rdf:resource="http://dropsafe.crypticide.com/muffett-passwords"/>
	<rdf:li rdf:resource="http://dropsafe.crypticide.com/article/9481"/>
	<rdf:li rdf:resource="http://www.howtogeek.com/130844/secure-yourself-by-using-two-step-verification-on-these-16-web-services/"/>
	<rdf:li rdf:resource="https://nopassword.alexsmolen.com/"/>
	<rdf:li rdf:resource="http://store.authentec.com/en-us/products/passwordmanagement/eikonmini.aspx"/>
	<rdf:li rdf:resource="http://www.red-sweater.com/blog/2545/keychain-password-search"/>
	<rdf:li rdf:resource="http://www.codinghorror.com/blog/2012/04/speed-hashing.html"/>
	<rdf:li rdf:resource="https://github.com/juuso/BozoCrack"/>
	<rdf:li rdf:resource="http://www.htaccesstools.com/htaccess-authentication/"/>
	<rdf:li rdf:resource="http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/"/>
	<rdf:li rdf:resource="http://it.slashdot.org/story/11/01/13/2024237/Amazon-EC2-Enables-Cheap-Brute-Force-Attacks?from=rss"/>
	<rdf:li rdf:resource="http://vgable.com/blog/2009/06/01/pass-phrases-not-passwords"/>
      </rdf:Seq>
    </items>
  </channel><item rdf:about="https://github.com/jhaals/yopass">
    <title>GitHub - jhaals/yopass: Secure sharing for secrets and passwords</title>
    <dc:date>2019-08-30T08:49:29+00:00</dc:date>
    <link>https://github.com/jhaals/yopass</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[Yopass is a project for sharing secrets in a quick and secure manner*. The sole purpose of Yopass is to minimize the amount of passwords floating around in ticket management systems, IRC logs and emails. The message is encrypted/decrypted locally in the browser and then sent to yopass without the decryption key which is only visible once to the user during encryption, yopass then returns a one-time URL with specified expiry date.]]></description>
<dc:subject>security tools passwords</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:516eeb3543eb/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:tools"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.fastcompany.com/90234724/when-passwords-get-stolen-this-australian-guy-alerts-the-world">
    <title>Have I Been Pwned tells the world about security breaches</title>
    <dc:date>2018-11-17T15:50:09+00:00</dc:date>
    <link>https://www.fastcompany.com/90234724/when-passwords-get-stolen-this-australian-guy-alerts-the-world</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[Troy Hunt’s Have I Been Pwned is a one-stop shop for learning if you’re among the millions affected by security breaches. And he’s trying to do it the responsible way.]]></description>
<dc:subject>passwords security hacking</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:607d7f6f784e/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:hacking"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords">
    <title>Let them paste passwords - NCSC Site</title>
    <dc:date>2017-05-24T12:38:14+00:00</dc:date>
    <link>https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[This is why we think SPP is bad, and allowing password pasting is good. The pros outweigh the cons, and by a lot.]]></description>
<dc:subject>forms javascript passwords security webdevelopment</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:b7dd1410f401/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:forms"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:javascript"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:webdevelopment"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.speirs.org/blog/2017/4/12/theft-and-loss-recovery-for-ios-users">
    <title>Theft and Loss Recovery for iOS Users — Fraser Speirs</title>
    <dc:date>2017-04-14T20:17:43+00:00</dc:date>
    <link>http://www.speirs.org/blog/2017/4/12/theft-and-loss-recovery-for-ios-users</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[Let's say, for the sake of argument, that I'm walking down the street in a large city somewhere abroad and I'm approached and forcibly relieved of all the valuable possessions on my person. In a typical tech conference scenario, that would be my iPhone, iPad and Apple Watch all gone.

What now? Well, there are two phases to this: damage limitation and disaster recovery.]]></description>
<dc:subject>security ios backup passwords icloud apple twostepverification</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:cdbe2ad8055c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:ios"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:backup"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:icloud"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:twostepverification"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.grc.com/haystack.htm">
    <title>GRC's | Password Haystacks: How Well Hidden is Your Needle?  </title>
    <dc:date>2015-04-03T11:36:41+00:00</dc:date>
    <link>https://www.grc.com/haystack.htm</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers and then symbols until the combination you chose, is discovered.

If every possible password is tried, sooner or later yours will be found.
The question is: Will that be too soon . . . or enough later?

This interactive brute force search space calculator allows you to experiment with password length and composition to develop an accurate and quantified sense for the safety of using passwords that can only be found through exhaustive search. Please see the discussion below for additional information.]]></description>
<dc:subject>passwords security privacy tools</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:33f937391275/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:tools"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.maintain.se/blog/setting-up-firmware-password-protection-in-os-x/">
    <title>Setting up firmware password protection in OS X | Cocktail Blog</title>
    <dc:date>2014-06-24T09:16:18+00:00</dc:date>
    <link>http://www.maintain.se/blog/setting-up-firmware-password-protection-in-os-x/</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[Mac users in higher security risk situations may wish to enable an optional firmware password on their machines, which offers an advanced level of protection. In short, a firmware password is a lower level layer of security that is set on the actual Mac logicboards firmware, rather than at the software layer like FileVault encryption or the standard login password.]]></description>
<dc:subject>mac osx mactips security passwords</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:d8234f3a29a0/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:mac"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:osx"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:mactips"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://raidersec.blogspot.de/2013/06/how-browsers-store-your-passwords-and.html">
    <title>RaiderSec: How Browsers Store Your Passwords (and Why You Shouldn't Let Them)</title>
    <dc:date>2013-06-25T10:43:40+00:00</dc:date>
    <link>http://raidersec.blogspot.de/2013/06/how-browsers-store-your-passwords-and.html</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[In a previous post, I introduced a Twitter bot called dumpmon which monitors paste sites for account dumps, configuration files, and other information. Since then, I've been monitoring the information that is detected. While you can expect a follow-up post with more dumpmon-filled data soon, this post is about how browsers store passwords.

I mention dumpmon because I have started to run across quite a few pastes like this that appear to be credential logs from malware on infected computers. It got me thinking - I've always considered it best to not have browsers store passwords directly, but why? How easy can it be for malware to pull these passwords off of infected computers? Since sources are a bit tough to find in one place, I've decided to post the results here, as well as show some simple code to extract passwords from each browser's password manager.]]></description>
<dc:subject>security browsers passwords</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:9c28446d81ac/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:browsers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/">
    <title>Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331” | Ars Technica</title>
    <dc:date>2013-05-28T10:18:32+00:00</dc:date>
    <link>http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.

Imagine no more. We asked three cracking experts to attack the same list Anderson targeted and recount the results in all their color and technical detail Iron Chef style. The results, to say the least, were eye opening because they show how quickly even long passwords with letters, numbers, and symbols can be discovered.

The list contained 16,449 passwords converted into hashes using the MD5 cryptographic hash function. Security-conscious websites never store passwords in plaintext. Instead, they work only with these so-called one-way hashes, which are incapable of being mathematically converted back into the letters, numbers, and symbols originally chosen by the user. ]]></description>
<dc:subject>passwords security privacy cryptography</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:e0d1fb86c6bc/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:cryptography"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://arxiv.org/abs/1304.6584">
    <title>[1304.6584] When Privacy meets Security: Leveraging personal information for password cracking</title>
    <dc:date>2013-04-26T08:40:00+00:00</dc:date>
    <link>http://arxiv.org/abs/1304.6584</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[Passwords are widely used for user authentication and, despite their weaknesses, will likely remain in use in the foreseeable future. Human-generated passwords typically have a rich structure, which makes them susceptible to guessing attacks. In this paper, we study the effectiveness of guessing attacks based on Markov models. Our contributions are two-fold. First, we propose a novel password cracker based on Markov models, which builds upon and extends ideas used by Narayanan and Shmatikov (CCS 2005). In extensive experiments we show that it can crack up to 69% of passwords at 10 billion guesses, more than all probabilistic password crackers we compared again t. Second, we systematically analyze the idea that additional personal information about a user helps in speeding up password guessing. We find that, on average and by carefully choosing parameters, we can guess up to 5% more passwords, especially when the number of attempts is low. Furthermore, we show that the gain can go up to 30% for passwords that are actually based on personal attributes. These passwords are clearly weaker and should be avoided. Our cracker could be used by an organization to detect and reject them. To the best of our knowledge, we are the first to systematically study the relationship between chosen passwords and users' personal information. We test and validate our results over a wide collection of leaked password databases.]]></description>
<dc:subject>passwords security research</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:9583cab5a767/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:research"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://blog.agilebits.com/2013/04/16/1password-hashcat-strong-master-passwords/">
    <title>On hashcat and strong Master Passwords as your best protection | Agile Blog</title>
    <dc:date>2013-04-18T09:08:26+00:00</dc:date>
    <link>http://blog.agilebits.com/2013/04/16/1password-hashcat-strong-master-passwords/</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[You may have heard some news going around about hashcat, a password cracking tool, that recently increased its ability to guess Master Passwords for 1Password data files. It’s an impressive achievement for hashcat, and it is important to understand what this does and doesn’t mean for 1Password.]]></description>
<dc:subject>passwords security 1password encryption</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:bf7fc5ebfd07/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:1password"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:encryption"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://ejohn.org/blog/keeping-passwords-in-source-control/">
    <title>John Resig - Keeping Passwords in Source Control</title>
    <dc:date>2013-02-06T21:47:46+00:00</dc:date>
    <link>http://ejohn.org/blog/keeping-passwords-in-source-control/</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[It has to deal with the eternal question: How do you store sensitive configuration options (such as usernames, passwords, etc.) in source control? Typically what I’ve done is to just punt on the problem entirely. I create a dummy configuration file, such as conf/sample-settings.json which has the basic structure but none of the details filled out. 

If someone else needed the details I would just email it to them, or some such (not ideal). Especially when it came time to add additional information to the file or make other changes.

The technique I picked up from Craig was to, instead, keep an encrypted version of the configuration file in source control and then provide a means through which the user can encrypt and decrypt that data.]]></description>
<dc:subject>git passwords encryption sourcecontrol versioncontrol</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:20d4fa4b2424/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:git"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:encryption"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:sourcecontrol"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:versioncontrol"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://dropsafe.crypticide.com/muffett-passwords">
    <title>Muffett on Passwords | dropsafe</title>
    <dc:date>2013-01-23T08:38:33+00:00</dc:date>
    <link>http://dropsafe.crypticide.com/muffett-passwords</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[TL;DR Summary

don’t let users choose guessable passwords; achieve this by…
encouraging/forcing users to use good password management software, and then…
protect the hashes on the backend by using something decent, ie: bcrypt()]]></description>
<dc:subject>passwords security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:b26bec910a20/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://dropsafe.crypticide.com/article/9481">
    <title>Regrettably @Mat Honan is Entirely Wrong about “Killing Passwords” /cc @Wired | dropsafe</title>
    <dc:date>2013-01-23T08:38:04+00:00</dc:date>
    <link>http://dropsafe.crypticide.com/article/9481</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[The reason to cling onto passwords is that they are a distributed, non-hierarchical technology.

There is no database other than the essential database of passwords
There is no certificate authority to be spoofed
There is no token database to be stolen
There is no monetisable identity linkage and hence no selective disclosure bunfighting
The likelihood of catastrophic centralised identity mistakes is small
In short: there’s a lot less that can go wrong when the identities are discrete and thinly spread.

So, sorry Mat. You’re wrong all the way up to this point ]]></description>
<dc:subject>passwords security mathonan</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:dadd61cd0e0f/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:mathonan"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.howtogeek.com/130844/secure-yourself-by-using-two-step-verification-on-these-16-web-services/">
    <title>Secure Yourself by Using Two-Step Verification on These 16 Web Services - How-To Geek</title>
    <dc:date>2012-12-16T15:02:16+00:00</dc:date>
    <link>http://www.howtogeek.com/130844/secure-yourself-by-using-two-step-verification-on-these-16-web-services/</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[Two-factor authentication, also known as 2-step verification, provides additional security for your online accounts. Even if someone discovers your password, they’ll need a special one-time code to log in after you enable two-factor authentication on these services.

Notably absent from this list are banks and other financial institutions. It’s a shame that you can use two-factor authentication to protect your in-game currency in an MMORPG, but not the real money in your bank account.]]></description>
<dc:subject>security twostepverification passwords</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:e20b0bd6c611/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:twostepverification"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://nopassword.alexsmolen.com/">
    <title>NoPassword</title>
    <dc:date>2012-09-27T07:56:05+00:00</dc:date>
    <link>https://nopassword.alexsmolen.com/</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[Most web sites ask for a password when you register. After logging in, you can access the site until your session expires. When you forget your password, you can request an email with a link to a password change form. NoPassword factors out the password from this process. You register with an email address and receive a link that gives you a session on that browser until you log out. If you ever need to log in from somewhere else, you can request another email with a link that will log you in wherever you are.]]></description>
<dc:subject>email passwords security tools authentication</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:33c739ced1d8/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:email"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:tools"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:authentication"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://store.authentec.com/en-us/products/passwordmanagement/eikonmini.aspx">
    <title>Eikon Mini, the Compact, Low-cost USB Fingerprint Reader for Today’s PCs and Macs</title>
    <dc:date>2012-07-02T19:50:46+00:00</dc:date>
    <link>http://store.authentec.com/en-us/products/passwordmanagement/eikonmini.aspx</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[Passwords On the Go
Almost invisible, keep it plugged-in or carry it with you and use your fingerprint as your master password. The Eikon Mini is the most user friendly, ultra-portable fingerprint reader available.]]></description>
<dc:subject>security passwords osx fingerprints</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:d4f19862aef0/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:osx"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:fingerprints"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.red-sweater.com/blog/2545/keychain-password-search">
    <title>Red Sweater Blog – Keychain Password Search</title>
    <dc:date>2012-06-07T10:57:36+00:00</dc:date>
    <link>http://www.red-sweater.com/blog/2545/keychain-password-search</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[Update: As luck would have it, mere moments after publishing this, I got word from the 1Password folks about another write-up that achieves something different (exporting for 1Password), but makes use of the very same approach of automating the clicking of that allow button.]]></description>
<dc:subject>passwords security osx keychain 1password</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:826d121fd436/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:osx"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:keychain"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:1password"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.codinghorror.com/blog/2012/04/speed-hashing.html">
    <title>Coding Horror: Speed Hashing</title>
    <dc:date>2012-04-06T22:14:22+00:00</dc:date>
    <link>http://www.codinghorror.com/blog/2012/04/speed-hashing.html</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[I'm too busy to read all this.
If you are a user:

Make sure all your passwords are 12 characters or more, ideally a lot more. I recommend adopting pass phrases, which are not only a lot easier to remember than passwords (if not type) but also ridiculously secure against brute forcing purely due to their length.

If you are a developer:

Use bcrypt or PBKDF2 exclusively to hash anything you need to be secure. These new hashes were specifically designed to be difficult to implement on GPUs. Do not use any other form of hash. Almost every other popular hashing scheme is vulnerable to brute forcing by arrays of commodity GPUs, which only get faster and more parallel and easier to program for every year.]]></description>
<dc:subject>encryption hash hashing passwords security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:b65bced27593/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:encryption"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:hash"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:hashing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/juuso/BozoCrack">
    <title>juuso/BozoCrack - GitHub</title>
    <dc:date>2011-11-08T07:47:27+00:00</dc:date>
    <link>https://github.com/juuso/BozoCrack</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[BozoCrack
BozoCrack is a depressingly effective MD5 password hash cracker with almost zero CPU/GPU load. Instead of rainbow tables, dictionaries, or brute force, BozoCrack simply finds the plaintext password. Specifically, it googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results.

It works way better than it ever should.]]></description>
<dc:subject>hack md5 passwords security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:79ec9457f931/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:hack"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:md5"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.htaccesstools.com/htaccess-authentication/">
    <title>Htaccess Authentication - Password protect directory</title>
    <dc:date>2011-03-06T22:34:06+00:00</dc:date>
    <link>http://www.htaccesstools.com/htaccess-authentication/</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[Password protect one or more directories with Basic HTTP Authentication using .htaccess. A .htpasswd file will be used to store login details. Use the .htpassswd generator to create entries in the .htpasswd file.]]></description>
<dc:subject>htaccess passwords</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:7b099f409288/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:htaccess"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/">
    <title>Anonymous speaks: the inside story of the HBGary hack</title>
    <dc:date>2011-02-16T07:38:23+00:00</dc:date>
    <link>http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[It has been an embarrassing week for security firm HBGary and its HBGary Federal offshoot. HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for co-ordinating the group's actions, including the denial-of-service attacks that hit MasterCard, Visa, and other perceived enemies of WikiLeaks late last year.

When Barr told one of those he believed to be an Anonymous ringleader about his forthcoming exposé, the Anonymous response was swift and humiliating. HBGary's servers were broken into, its e-mails pillaged and published to the world, its data destroyed, and its website defaced. As an added bonus, a second site owned and operated by Greg Hoglund, owner of HBGary, was taken offline and the user registration database published.

Over the last week, I've talked to some of those who participated in the HBGary hack to learn in detail how they penetrated HBGary's defenses and gave the company such a stunning black eye—and what the HBGary example means for the rest of us mere mortals who use the Internet.]]></description>
<dc:subject>hack security sqlinjection md5 hashing passwords</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:10b7fb312ee3/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:hack"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:sqlinjection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:md5"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:hashing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://it.slashdot.org/story/11/01/13/2024237/Amazon-EC2-Enables-Cheap-Brute-Force-Attacks?from=rss">
    <title>Amazon EC2 Enables Cheap Brute-Force Attacks - Slashdot</title>
    <dc:date>2011-01-18T09:45:43+00:00</dc:date>
    <link>http://it.slashdot.org/story/11/01/13/2024237/Amazon-EC2-Enables-Cheap-Brute-Force-Attacks?from=rss</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[Also fun to realize: for every character less than 20, you lose 100x your security. A 19-character password could be cracked in just 1% of the time of a 20-character password. A 10-character password would take .000000000000000001% of the time.]]></description>
<dc:subject>passwords security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:Aetles/b:3167272282c6/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://vgable.com/blog/2009/06/01/pass-phrases-not-passwords">
    <title>Vincent Gable » Pass Phrases, Not Passwords</title>
    <dc:date>2009-06-02T11:59:13+00:00</dc:date>
    <link>http://vgable.com/blog/2009/06/01/pass-phrases-not-passwords</link>
    <dc:creator>Aetles</dc:creator><description><![CDATA[People feel that if security system A is harder for them to use then system B, then A must be harder for an attacker to bypass. But the facts don’t always match this intuition.

What authentication code do you think is harder for a bad guy to hack, the 7 character strong password “1Ea.$]/”, or the mnemonic for the first 3 characters, “One Elvis Amazon”? Certainly “1Ea.$]/” is harder for a person to remember. It feels like it should be harder to break. But a computer, not a person, is going to be doing the guessing, and all it cares about is how big the search space is. There are 937 possible 7 character passwords. Let’s say there are 250,000 possible English words (more on that figure later). Then there are 250,0003 3 word combinations — meaning an attacker would have to do 260 times more work to guess “One Elvis Amazon” than to guess “1Ea.$]/”.


]]></description>
<dc:subject>security passwords</dc:subject>
<dc:identifier>https://pinboard.in/u:Aetles/b:49a64b50cf29/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:Aetles/t:passwords"/>
</rdf:Bag></taxo:topics>
</item>
</rdf:RDF>