#Passwortsicherheit Service Skeet
Eigentlich ist es sehr einfach, ein Brute-Force-sicheres Passwort zu vergeben: Nehmt Sätze.
Sowas wie "OmaLottesNummer99880" oder (...einfacher) "meindackelistsuess" sind echt schwer zu knacken, schaut selber.
Prinzipiell: Ab 13 Zeichen seid Ihr *relativ* Safe.
Eigentlich ist es sehr einfach, ein Brute-Force-sicheres Passwort zu vergeben: Nehmt Sätze.
Sowas wie "OmaLottesNummer99880" oder (...einfacher) "meindackelistsuess" sind echt schwer zu knacken, schaut selber.
Prinzipiell: Ab 13 Zeichen seid Ihr *relativ* Safe.
November 3, 2025 at 10:29 PM
#Passwortsicherheit Service Skeet
Eigentlich ist es sehr einfach, ein Brute-Force-sicheres Passwort zu vergeben: Nehmt Sätze.
Sowas wie "OmaLottesNummer99880" oder (...einfacher) "meindackelistsuess" sind echt schwer zu knacken, schaut selber.
Prinzipiell: Ab 13 Zeichen seid Ihr *relativ* Safe.
Eigentlich ist es sehr einfach, ein Brute-Force-sicheres Passwort zu vergeben: Nehmt Sätze.
Sowas wie "OmaLottesNummer99880" oder (...einfacher) "meindackelistsuess" sind echt schwer zu knacken, schaut selber.
Prinzipiell: Ab 13 Zeichen seid Ihr *relativ* Safe.
datapath i drew out for a hardware bcrypt implementation back in 2016
iirc i synthesized it but idr if i ever actually verified it…
iirc i synthesized it but idr if i ever actually verified it…
October 25, 2025 at 12:11 AM
datapath i drew out for a hardware bcrypt implementation back in 2016
iirc i synthesized it but idr if i ever actually verified it…
iirc i synthesized it but idr if i ever actually verified it…
New breach: Artists&Clients was breached in August and ransomed for US$50k. The data was then dumped last month and included 95k email addresses, usernames, IP addresses and bcrypt password hashes. 70% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/breach/Artis...
Have I Been Pwned: Artists&Clients Data Breach
In August 2025, the "marketplace that connects artists to prospective clients" Artists&Clients, suffered a data breach and subsequent ransom demand of US$50k. The data was subsequently leaked publicly...
haveibeenpwned.com
October 4, 2025 at 1:12 AM
New breach: Artists&Clients was breached in August and ransomed for US$50k. The data was then dumped last month and included 95k email addresses, usernames, IP addresses and bcrypt password hashes. 70% were already in @haveibeenpwned.com. Read more: haveibeenpwned.com/breach/Artis...
September 18, 2025 at 7:05 PM
i will probably turn this into a function you can pass in
but i'm trying to use techniques that work everywhere without hassle - argon2 and bcrypt need rust wasm stuff on cloudflare
but i'm trying to use techniques that work everywhere without hassle - argon2 and bcrypt need rust wasm stuff on cloudflare
November 30, 2024 at 4:00 AM
i will probably turn this into a function you can pass in
but i'm trying to use techniques that work everywhere without hassle - argon2 and bcrypt need rust wasm stuff on cloudflare
but i'm trying to use techniques that work everywhere without hassle - argon2 and bcrypt need rust wasm stuff on cloudflare
Also, not for nothing, but salt+a commodity hash hasn't been best practice for password backend storage FOR LITERALLY DECADES.
Use something deliberately intended as a password hash: bcrypt, or PBKDF2, or mcrypt, or scrypt, etc.
Use something deliberately intended as a password hash: bcrypt, or PBKDF2, or mcrypt, or scrypt, etc.
October 1, 2024 at 1:35 AM
Also, not for nothing, but salt+a commodity hash hasn't been best practice for password backend storage FOR LITERALLY DECADES.
Use something deliberately intended as a password hash: bcrypt, or PBKDF2, or mcrypt, or scrypt, etc.
Use something deliberately intended as a password hash: bcrypt, or PBKDF2, or mcrypt, or scrypt, etc.
💡 Summary by GPT3:
Ergoは、Goで書かれた現代的なIRCサーバーで、統合されたサービス、バウンサーのような機能、TLS/SSLサポート、IRCv3サポートなどの機能を備えています。非常にカスタマイズ可能で、複数の言語をサポートしています。ユーザーはソースからErgoを実行したり、プラットフォームパッケージを使用したりできます。デフォルトの設定ファイルが構成を支援し、パスワードはbcryptを使用して保存されます。Ergoはニックネームやチャンネルの登録を可能にし、仕様に基づいて開発することに焦点を当てています。このプロジェクトには複数の貢献者がおり、 (1/2)
Ergoは、Goで書かれた現代的なIRCサーバーで、統合されたサービス、バウンサーのような機能、TLS/SSLサポート、IRCv3サポートなどの機能を備えています。非常にカスタマイズ可能で、複数の言語をサポートしています。ユーザーはソースからErgoを実行したり、プラットフォームパッケージを使用したりできます。デフォルトの設定ファイルが構成を支援し、パスワードはbcryptを使用して保存されます。Ergoはニックネームやチャンネルの登録を可能にし、仕様に基づいて開発することに焦点を当てています。このプロジェクトには複数の貢献者がおり、 (1/2)
December 18, 2024 at 7:44 PM
💡 Summary by GPT3:
Ergoは、Goで書かれた現代的なIRCサーバーで、統合されたサービス、バウンサーのような機能、TLS/SSLサポート、IRCv3サポートなどの機能を備えています。非常にカスタマイズ可能で、複数の言語をサポートしています。ユーザーはソースからErgoを実行したり、プラットフォームパッケージを使用したりできます。デフォルトの設定ファイルが構成を支援し、パスワードはbcryptを使用して保存されます。Ergoはニックネームやチャンネルの登録を可能にし、仕様に基づいて開発することに焦点を当てています。このプロジェクトには複数の貢献者がおり、 (1/2)
Ergoは、Goで書かれた現代的なIRCサーバーで、統合されたサービス、バウンサーのような機能、TLS/SSLサポート、IRCv3サポートなどの機能を備えています。非常にカスタマイズ可能で、複数の言語をサポートしています。ユーザーはソースからErgoを実行したり、プラットフォームパッケージを使用したりできます。デフォルトの設定ファイルが構成を支援し、パスワードはbcryptを使用して保存されます。Ergoはニックネームやチャンネルの登録を可能にし、仕様に基づいて開発することに焦点を当てています。このプロジェクトには複数の貢献者がおり、 (1/2)
I've been working with someone on a project recently, and it got me thinking, whatever happened to the state of database security? Is good'ol BCrypt/SCrypt on 'sensitive' fields like password paired with Full Disk Encryption still the extent? I've seen so few DB Security products or Native functions
August 29, 2023 at 8:51 PM
I've been working with someone on a project recently, and it got me thinking, whatever happened to the state of database security? Is good'ol BCrypt/SCrypt on 'sensitive' fields like password paired with Full Disk Encryption still the extent? I've seen so few DB Security products or Native functions
Content security policy prevents this sort of attack by stopping a XSS connecting to http://t.co/lwBfRYMX0B @bcrypt @edgeconf
June 27, 2015 at 8:33 AM
Content security policy prevents this sort of attack by stopping a XSS connecting to http://t.co/lwBfRYMX0B @bcrypt @edgeconf
Yes, principally because people who use short, weak passwords devalue the strength of the hash when the bcrypt hash is made freely available for analysis and comparison. With that old hash and the set of leaked passwords, all could be broken eventually. Hence, the need to reset.
February 5, 2024 at 8:31 PM
Yes, principally because people who use short, weak passwords devalue the strength of the hash when the bcrypt hash is made freely available for analysis and comparison. With that old hash and the set of leaked passwords, all could be broken eventually. Hence, the need to reset.
The Spoutible API enabled any user to retrieve the bcrypt hash of any other user's password.
February 5, 2024 at 2:54 PM
The Spoutible API enabled any user to retrieve the bcrypt hash of any other user's password.
📦 ahmed-j-alsarem/laravel-bcrypt-password v2.0.0
A Laravel package for bcrypt password hashing functionality
🔗 https://github.com/AHMED-J-ALSAREM/LaravelBcryptPassword
A Laravel package for bcrypt password hashing functionality
🔗 https://github.com/AHMED-J-ALSAREM/LaravelBcryptPassword
April 23, 2025 at 9:26 AM
📦 ahmed-j-alsarem/laravel-bcrypt-password v2.0.0
A Laravel package for bcrypt password hashing functionality
🔗 https://github.com/AHMED-J-ALSAREM/LaravelBcryptPassword
A Laravel package for bcrypt password hashing functionality
🔗 https://github.com/AHMED-J-ALSAREM/LaravelBcryptPassword
PHP developers! 👌
After Laravel, PHP 8.4 will also increase the default bcrypt cost from 10 to 12, boosting password security 🔒
This change helps keep your applications safer against modern hardware capabilities. Stay secure with the latest updates!🙌
#PHP 🚀
After Laravel, PHP 8.4 will also increase the default bcrypt cost from 10 to 12, boosting password security 🔒
This change helps keep your applications safer against modern hardware capabilities. Stay secure with the latest updates!🙌
#PHP 🚀
November 21, 2024 at 4:11 PM
PHP developers! 👌
After Laravel, PHP 8.4 will also increase the default bcrypt cost from 10 to 12, boosting password security 🔒
This change helps keep your applications safer against modern hardware capabilities. Stay secure with the latest updates!🙌
#PHP 🚀
After Laravel, PHP 8.4 will also increase the default bcrypt cost from 10 to 12, boosting password security 🔒
This change helps keep your applications safer against modern hardware capabilities. Stay secure with the latest updates!🙌
#PHP 🚀
November 4, 2024 at 8:40 PM
So @bcrypt hacked her own blog to see if she could get XSS to work by setting a link to use a javascript: @edgeconf
June 27, 2015 at 8:32 AM
So @bcrypt hacked her own blog to see if she could get XSS to work by setting a link to use a javascript: @edgeconf
Look y’all it was not for nothing that I wrote a white paper and a conference talk on HOW TO STORE PASSWORDS in systems that need authn/authz, which we have known in general since 1976 (Morris: crypto primitives are too fast) and in specific since 1999 (Provos & Mavières’ bcrypt paper published).
June 28, 2024 at 5:54 PM
Look y’all it was not for nothing that I wrote a white paper and a conference talk on HOW TO STORE PASSWORDS in systems that need authn/authz, which we have known in general since 1976 (Morris: crypto primitives are too fast) and in specific since 1999 (Provos & Mavières’ bcrypt paper published).
When I see an error message, I like to first understand why it's happening. Then, knowing what to do to fix it is usually pretty easy. Today, let's work through a Bcrypt error I bumped into recently. masteringlaravel.io/daily/2025-0...
How to fix "This password does not use the Bcrypt algorithm" | Mastering Laravel
And why does this happen?
masteringlaravel.io
February 7, 2025 at 2:04 PM
When I see an error message, I like to first understand why it's happening. Then, knowing what to do to fix it is usually pretty easy. Today, let's work through a Bcrypt error I bumped into recently. masteringlaravel.io/daily/2025-0...
ニコニコはbcryptっていう複雑なやつを使ってる
これはaiでも5日かかるらしい…
これはコストに釣り合わないね…安心?(◜◡◝)カモ
これはaiでも5日かかるらしい…
これはコストに釣り合わないね…安心?(◜◡◝)カモ
June 29, 2024 at 9:42 PM
ニコニコはbcryptっていう複雑なやつを使ってる
これはaiでも5日かかるらしい…
これはコストに釣り合わないね…安心?(◜◡◝)カモ
これはaiでも5日かかるらしい…
これはコストに釣り合わないね…安心?(◜◡◝)カモ
Best Practices for Storing and Validating Passwords in Java (BCrypt, Argon2, PBKDF2) - Java Code Geeks
Best Practices for Storing and Validating Passwords in Java (BCrypt, Argon2, PBKDF2) - Java Code Geeks
Explore best practices for hashing and validating passwords in Java using BCrypt, Argon2, and PBKDF2. Includes Spring Security examples
www.javacodegeeks.com
June 10, 2025 at 8:35 PM
Best Practices for Storing and Validating Passwords in Java (BCrypt, Argon2, PBKDF2) - Java Code Geeks
pop quiz everybody, when designing an API for your social media platform do you:
A) return the bcrypt hash of a user's password, along with their 2FA secret, AND their 2FA backup code
B) don't do that
A) return the bcrypt hash of a user's password, along with their 2FA secret, AND their 2FA backup code
B) don't do that
February 6, 2024 at 4:21 AM
pop quiz everybody, when designing an API for your social media platform do you:
A) return the bcrypt hash of a user's password, along with their 2FA secret, AND their 2FA backup code
B) don't do that
A) return the bcrypt hash of a user's password, along with their 2FA secret, AND their 2FA backup code
B) don't do that
even worse: it also has a bcrypt hash of the 6 digit, number only 2fa recovery code
February 5, 2024 at 4:21 PM
even worse: it also has a bcrypt hash of the 6 digit, number only 2fa recovery code
🚀 ووردبريس 6.8 "Cecil" متاح!
✨ الجديد: ⚡ سرعة أكبر +1.9% 🔒 أمان Bcrypt محسّن 🎨 كتاب الأنماط 🛠️ تحسينات المحرر
✅ احرص على النسخ الاحتياطي!
https://babylonhost.com/wordpress6.8
#ووردبريس #WordPress68 #BabylonHost #الأداء
✨ الجديد: ⚡ سرعة أكبر +1.9% 🔒 أمان Bcrypt محسّن 🎨 كتاب الأنماط 🛠️ تحسينات المحرر
✅ احرص على النسخ الاحتياطي!
https://babylonhost.com/wordpress6.8
#ووردبريس #WordPress68 #BabylonHost #الأداء
June 15, 2025 at 10:24 PM
🚀 ووردبريس 6.8 "Cecil" متاح!
✨ الجديد: ⚡ سرعة أكبر +1.9% 🔒 أمان Bcrypt محسّن 🎨 كتاب الأنماط 🛠️ تحسينات المحرر
✅ احرص على النسخ الاحتياطي!
https://babylonhost.com/wordpress6.8
#ووردبريس #WordPress68 #BabylonHost #الأداء
✨ الجديد: ⚡ سرعة أكبر +1.9% 🔒 أمان Bcrypt محسّن 🎨 كتاب الأنماط 🛠️ تحسينات المحرر
✅ احرص على النسخ الاحتياطي!
https://babylonhost.com/wordpress6.8
#ووردبريس #WordPress68 #BabylonHost #الأداء
So i knew the error wasn't actually auth, but that the new user wasn't getting a password attached to their object
and ah-ha! I accidently renamed the password property of the new user object password. Which doesn't exist in the user schema so it gets tossed
changing it back to password fixed it 🥳
and ah-ha! I accidently renamed the password property of the new user object password. Which doesn't exist in the user schema so it gets tossed
changing it back to password fixed it 🥳
January 20, 2025 at 5:41 AM
So i knew the error wasn't actually auth, but that the new user wasn't getting a password attached to their object
and ah-ha! I accidently renamed the password property of the new user object password. Which doesn't exist in the user schema so it gets tossed
changing it back to password fixed it 🥳
and ah-ha! I accidently renamed the password property of the new user object password. Which doesn't exist in the user schema so it gets tossed
changing it back to password fixed it 🥳
+1. Discover the "why" behind things. Have you ever wondered why the bcrypt gem is present in almost every Rails project? This article explains and compares it to other hash functions. Fun fact: one reason is precisely because it's slower...
codahale.com/how-to-safel...
codahale.com/how-to-safel...
November 15, 2024 at 5:19 PM
+1. Discover the "why" behind things. Have you ever wondered why the bcrypt gem is present in almost every Rails project? This article explains and compares it to other hash functions. Fun fact: one reason is precisely because it's slower...
codahale.com/how-to-safel...
codahale.com/how-to-safel...