iamcal.com

Blind hashing

nobody@domain.com (Cal Henderson) — Fri, 20 Jul 2012 16:55:00 +0000

In the wake of password-hacking-month (Linkedin, Last.fm, Yahoo, etc) Jeremy Spilman talks about an interesting idea for increasing the cost to stealing password databases, rather than just the hashing: part 1, part 2

Shut up and use bcrypt

nobody@domain.com (Cal Henderson) — Sat, 9 Jun 2012 19:32:00 +0000

With all the current excitement about leaked password databases, I thought I'd take the time to make doing it the right way a bit easier. If you're working on a PHP app, start using lib_bcrypt right now.

12th April, 9:29 pm

nobody@domain.com (Cal Henderson) — Thu, 12 Apr 2012 21:29:00 +0000

the mechanics behind zxcvbn are fascinating.

13th April, 5:29 am

nobody@domain.com (Cal Henderson) — Wed, 13 Apr 2011 05:29:00 +0000

did i ever link to the article on password usability? i meant to

16th November, 7:39 pm

nobody@domain.com (Cal Henderson) — Tue, 16 Nov 2010 19:39:00 +0000

could israelification be the answer to north america's air security?

26th October, 10:57 pm

nobody@domain.com (Cal Henderson) — Tue, 26 Oct 2010 22:57:00 +0000

tom taylor's thoughts on firesheep pretty much match my own

24th July, 6:46 pm

nobody@domain.com (Cal Henderson) — Fri, 24 Jul 2009 18:46:00 +0000

adobe recommends against visiting untrusted sites until the flash bug is fixed. oh, like the whole web. great

6th September, 8:51 pm

nobody@domain.com (Cal Henderson) — Tue, 6 Sep 2005 20:51:00 +0000

bookmarked for later: nessus vunerability scanner.

20th April, 4:27 pm

nobody@domain.com (Cal Henderson) — Wed, 20 Apr 2005 16:27:00 +0000

bruce's piece on hacking the papal election is an interesting read.