Part 6 of the User Management System in JavaFX & MySQL series focuses on secure password hashing with BCrypt (replacing plain-text storage). A practical guide for students, graduation projects and learners of Java desktop applications. #JavaFX #BCrypt #PasswordSecurity #JavaProgramming #HệThốngQuảnLýNgườiDùng #MậtKhẩuAnToàn

https://www.reddit.com/r/programming/comments/1q0x8vp/javafx_user_management_system_bcrypt_password/

JavaFX & MySQL: User Management System - BCrypt Password Encryption (Part 6) 🖥️
A complete User Management System in JavaFX & MySQL. A guide to securely encrypting passwords with BCrypt instead of storing them as plain text.
Great for students, final-year projects, or anyone learning JavaFX programming. Part 6: https://youtu.be/LDD1Kan7tOI
#JavaFX #MySQL #BCrypt #QuanLyNguoiDung #LapTrinhJava
Feedback and suggestions are welcome! Thank you!


Part 6 | User Management System in JavaFX & MySQL | BCrypt Password Hashing & Secure Storage

YouTube
🌘 Why bcrypt's password hashing may be unsafe
➤ bcrypt's 72-byte password limit: an overlooked security vulnerability
https://blog.enamya.me/posts/bcrypt-limitation
Because the bcrypt algorithm is based on the Blowfish cipher, it only processes the first 72 bytes of a password, so passwords longer than that are truncated, creating a potential security risk. The article demonstrates the problem with a Python example and proposes alternatives such as using Argon2, or first hashing with SHA-256/SHA-512 before applying bcrypt, and also notes that Python 3.0.0 has started raising an error for long passwords.
+ This article is very enlightening! I always thought bcrypt was the safest choice; I had no idea it had such a limitation. Good thing it was caught early. Thanks to the author for sharing.
+ Thanks for providing the alternatives; Argon2 sounds like a good choice. But for systems already using bcrypt, are there any good migration recommendations?
#密碼學 #bcrypt #安全性 #密碼雜湊
Why bcrypt Can Be Unsafe for Password Hashing?

TL;DR: bcrypt ignores any bytes after the first 72 bytes; this is due to bcrypt being based on the Blowfish cipher, which has this limitation. bcrypt has been a commonly used password hashing algorithm for decades; it’s slow by design, includes built-in salting, and has protected countless systems from brute-force attacks. But despite its solid reputation, it also has a few hidden limitations worth knowing about. Let’s take a look at this code:

enamya blog

Since Wordpress v6.8, the default hash func produces a custom bcrypt hash: $wp$2y$10$...

More info on this custom algo, how it uses hmac-sha384, and how to crack them with hashcat.

https://forum.hashpwn.net/post/4205

#wordpress #bcrypt #wpbcrypt #hashcracking #hashpwn #hashgen #hashcat

Wordpress v6.8 Bcrypt - hmac-sha384

As announced on February 17, 2025, Wordpress is switching their hash function to their own rolled version of bcrypt: bcrypt(base64(hmac-sha384(key="wp-sha384...

hashpwn

Today I learned about the #bcrypt hashing algorithm, based on the #Blowfish block cipher, while reviewing an article by @andrea_navarro on #Flask extensions... particularly the security extensions.

And I just discovered that it is one of the algorithms supported for creating passwords on GNU/Linux :D

I'll have to run some experiments.

#gnu #linux #cryptography #criptografía #ciberseguridad #infosec #encrypt #hash #python #flask

#4 👥 Leverage built-in authentication with #Breeze, #Fortify or #Jetstream
🗝️ Store passwords securely using #Bcrypt or #Argon2 hashing algorithms
🔑 Secure environment variables and force #HTTPS in production environments
@thinkberg this page is gold. Pity that the #bcrypt one doesn't have a reference
Post-Quantum Cryptography Comes to Windows Insiders and Linux | Microsoft Community Hub

Introduction  As the digital landscape continues to evolve, the emergence of quantum computing presents both significant opportunities and challenges....

TECHCOMMUNITY.MICROSOFT.COM

@jadi This "#OpenBSD is secure!" claim always annoyed me a lot, mainly because it doesn't tell anything: #Security in IT can only ever be defined in a context of #threat models. Without that, it's meaningless. Somewhat recently, I discovered this:

https://isopenbsdsecu.re/

I should warn that it uses some sarcasm and other confrontational language in some parts, unfortunately. But it seems to be a pretty professional analysis and assessment of (mostly) the "mitigations" OpenBSD provides in an attempt to counter "typical" attacks by at least making them harder.

I should also add that I consider this a very interesting and helpful read, and still consider OpenBSD a great project that came up with lots of great stuff (I recently used their #bcrypt code after doing some research on password hashing, for example). And I don't agree with every single criticism on that page either. I just think it's important to build assessments whether something "is secure" on a serious analytical foundation.

Is OpenBSD secure?

This is... interesting. Apparently bcrypt truncates user-provided passwords at the 72-byte mark. I guess one way can be to "prehash" the password with an HMAC, as suggested here:

https://soatok.blog/2024/11/27/beyond-bcrypt/

The other (simpler) approach would be to, like Go's x/crypto/bcrypt, just reject all user provided passwords > 72 bytes. It is not *great*, but it works and fails "safe". Now one wonders *why* this is not the default behavior of PHP's password_hash function...

#password #bcrypt #php

Beyond Bcrypt - Dhole Moments

In 2010, Coda Hale wrote How To Safely Store A Password which began with the repeated phrase, “Use bcrypt”, where the word bcrypt was linked to a different implementation for various pr…

Dhole Moments
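The 72-byte truncation summarised in the blog.enamya.me post above, and the two ways around it that this post mentions (rejecting over-long input the way Go's x/crypto/bcrypt does, or pre-hashing with an HMAC), as an added example that is not part of any post on this page. The pre-hash step mirrors the HMAC-SHA-384 plus base64 shape the WordPress post describes, but the pepper value, the sample passwords and the function names are constructed for this demo; real WordPress key handling is not reproduced. Only the standard library is required; the real-bcrypt comparison at the end runs only if the pyca `bcrypt` package happens to be installed.

```python
import base64
import hashlib
import hmac

BCRYPT_MAX_BYTES = 72  # bcrypt's Blowfish key schedule uses at most 72 bytes of input


def bcrypt_effective_input(password: str) -> bytes:
    """The bytes bcrypt actually keys on: anything past byte 72 is silently dropped.
    Note the limit is in UTF-8 bytes, not characters."""
    return password.encode("utf-8")[:BCRYPT_MAX_BYTES]


def exceeds_bcrypt_limit(password: str) -> bool:
    """Mitigation 1 (Go x/crypto/bcrypt style): detect over-long input so the
    caller can reject it instead of letting bcrypt truncate it silently."""
    return len(password.encode("utf-8")) > BCRYPT_MAX_BYTES


def prehash_password(password: str, pepper: bytes) -> bytes:
    """Mitigation 2 (HMAC pre-hash): HMAC-SHA-384 yields 48 bytes; base64 turns
    that into 64 ASCII bytes, always under the limit and free of NUL bytes, so
    every byte of the original password still influences what bcrypt sees."""
    mac = hmac.new(pepper, password.encode("utf-8"), hashlib.sha384).digest()
    return base64.b64encode(mac)


def demo() -> dict:
    """Two constructed passwords that agree on their first 72 bytes and differ after."""
    shared = "correct horse battery staple " * 3  # 87 ASCII bytes, longer than 72
    pw_a = shared[:72] + "-alpha"
    pw_b = shared[:72] + "-bravo"
    # Assumption: a real pepper is loaded from a secret store, never hard-coded.
    pepper = b"constructed-demo-pepper-do-not-reuse"
    return {
        # bcrypt alone cannot tell pw_a and pw_b apart
        "truncated_equal": bcrypt_effective_input(pw_a) == bcrypt_effective_input(pw_b),
        # the fail-safe length check would refuse both at registration time
        "rejected_by_length_check": exceeds_bcrypt_limit(pw_a),
        # the pre-hash keeps them distinct and fits under the limit
        "prehash_distinct": prehash_password(pw_a, pepper) != prehash_password(pw_b, pepper),
        "prehash_len": len(prehash_password(pw_a, pepper)),
    }


if __name__ == "__main__":
    print(demo())
    try:
        import bcrypt  # optional: only present if the pyca 'bcrypt' package is installed
    except ImportError:
        print("install the 'bcrypt' package to see the same effect on real bcrypt hashes")
    else:
        shared = "correct horse battery staple " * 3
        pw_a, pw_b = shared[:72] + "-alpha", shared[:72] + "-bravo"
        try:
            digest = bcrypt.hashpw(pw_a.encode("utf-8"), bcrypt.gensalt(rounds=4))
            # Older versions truncate: pw_b verifies against pw_a's hash.
            print("pw_b accepted for pw_a's hash:", bcrypt.checkpw(pw_b.encode("utf-8"), digest))
        except ValueError as exc:
            # Newer versions refuse inputs over 72 bytes instead of truncating.
            print("bcrypt rejected the long password:", exc)
```

The length check and the pre-hash are alternatives, not a pair: a service that pre-hashes no longer needs to reject long passwords, while one that rejects them keeps bcrypt's input exactly what the user typed. Whichever is chosen must be applied identically at registration and at login, and the pepper for the HMAC variant has to stay stable for the lifetime of the stored hashes.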