List: nyphp-joomla
Subject: Re: [joomla] Test your passwords
From: David Roth <davidalanroth () gmail ! com>
Date: 2012-07-06 21:38:39
Message-ID: CAN7=Vv-4=arXqs5+b6dHaBFe3Uiu6e4nQSefZyQtsAe7Ru-S7Q () mail ! gmail ! com
.htaccess is a function of the Apache server which runs on Linux and the
Mac. You want to create a file named .htaccess and place it in the
directory you want to protect. In this case it would be /administrator.
Google for how to password protect a directory with .htaccess. I'd give the
details now but I'm away from my desk on my cell phone.
David Roth
On Jul 6, 2012 5:22 PM, "Helvécio da Silva" <helvecio.rj@gmail.com> wrote:
> How do I run that on a Mac?
>
> 2012/7/6 David Roth <davidalanroth@gmail.com>
>
>> For added security I protect the /administrator with .htaccess username
>> and password.
>>
>> For MySQL I use one of those long password generators for the db user.
>>
>> 16 characters or more sounds like a good idea too.
>>
>> David Roth
>> On Jul 6, 2012 2:58 PM, "Scott Wolpow" <scott@wolpow.com> wrote:
>>
>>> We know the MD5 was vulnerable.
>>>
>>> All the more reason to move away from it.
>>> Or better yet, be able to choose our own hash.
>>>
>>> SW
>>>
>>> On 7/6/2012 2:38 PM, Gary Mort wrote:
>>>
>>> Think your Joomla! password is secure? Here is a simple test [assuming
>>> it is under 15 characters long]
>>>
>>> Go to http://hashcat.net/hashcat-gui/ and download hashcat-gui for
>>> your operating system.
>>>
>>> To check just YOUR password, run the gui, use either plus or lite,
>>> and enter your password hash [from the database] in the field. Select the
>>> Joomla hash type - and then go ahead and run the cracker. See how long it
>>> takes to figure out your password.
>>>
>>> If you're using a dictionary method, you'll need one or more wordlists,
>>> you can get some dictionaries from
>>> http://www.skullsecurity.org/wiki/index.php/Passwords
>>>
>>> If you have a website with lots of users that you want to check,
>>> instead you can run
>>> select `password` from #__users [replace #__ with your prefix. :-)] -
>>> and export the list to a text file to give to oclhashplus
>>>
>>> Most password crackers around are limited to passwords of less than 16
>>> chars [because beyond that, the algorithms change for efficient lookups] -
>>> so while making your own passwords greater than 16 chars doesn't mean
>>> instant security, it does mean that it is beyond the scope of script
>>> kiddies who just download crackers from the internet and don't know how to
>>> write their own.
>>>
>>>
>>> _______________________________________________
>>> New York PHP SIG: Joomla! Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/joomla
>>>
>>> NYPHPCon 2006 Presentations Online
>>> http://www.nyphpcon.com
>>>
>>> Show Your Participation in New York PHP
>>> http://www.nyphp.org/show_participation.php
>>>
>>
>
>
>
> --
> Helvecio "Elvis" da Silva
> Rio de Janeiro - Brasil - helvecio.rj@gmail.com
> http://www.helvecio.com - http://blog.helvecio.com
>
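
What the .htaccess protection of /administrator described at the top of this message can look like, as an added example that is not part of the original e-mail or of any poster's own setup. The password-file path, the realm name and the username are assumptions.

```apache
# Added example (not from the thread): contents of /administrator/.htaccess
#
# Assumption: the password file is kept OUTSIDE the web root so it can
# never be fetched over HTTP. The path below is hypothetical.
#
# Create the password file once, from a terminal (Linux or Mac):
#   htpasswd -c /usr/local/etc/joomla-admin.htpasswd siteadmin
# Leave out -c when adding further users; -c overwrites an existing file.
#
# The main server configuration must allow these directives in .htaccess
# for this directory:
#   AllowOverride AuthConfig

AuthType Basic
AuthName "Restricted"
AuthUserFile /usr/local/etc/joomla-admin.htpasswd
Require valid-user

# Basic authentication sends the username and password base64-encoded,
# not encrypted, so refuse plain-HTTP requests when mod_ssl is loaded.
<IfModule mod_ssl.c>
    SSLRequireSSL
</IfModule>
```

Apache asks for this credential before the Joomla login form is served, so it should differ from the Joomla administrator password.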