Don’t limit which characters users can enter for passwords (spaces, punctuation and non-ASCII included). Only idiots do this.
Don’t limit the length of a password. If your users want a sentence with supercalifragilisticexpialidocious in it, don’t prevent them from using it. (A sanity cap in the kilobytes, so nobody can feed megabytes into a deliberately slow hash and tie up your CPU, is not the kind of limit meant here.)
Never store your users’ passwords in plain text.
Never email a password to your users, except a temporary one when they have lost theirs, and make that one single-use and short-lived.
Never, ever log passwords in any manner.
Never hash passwords with a plain fast hash such as SHA1 or MD5, or even SHA256, salted or not. These were built for speed: modern GPU crackers exceed 60 billion SHA1 and 180 billion MD5 hashes per second.
Don’t feed bcrypt the raw binary output of hash(); use hex output or base64_encode() it first. bcrypt treats its input as a NUL-terminated C string, so a raw digest that happens to contain a \0 byte (roughly one in eight SHA-256 digests does) is silently truncated at that byte, which can seriously weaken security. The same applies to any input that may contain a rogue \0. Encoding also keeps the pre-hash inside bcrypt’s 72-byte input limit: a base64 SHA-256 digest is 44 characters, hex is 64.
Use scrypt when you can; bcrypt if you cannot.
Use PBKDF2 with a SHA-2 hash (and a high iteration count) only if you can use neither bcrypt nor scrypt.
Reset everyone’s passwords when the database is compromised.
Implement a reasonable 8-10 character minimum length, and require at least one upper-case letter, one lower-case letter, one digit and one symbol. This raises the minimum entropy a password can have, which in turn makes it harder to crack. (See the “What makes a good password?” section for some debate.)
// Generate or return salted passwords
// A higher "cost" is more secure but consumes more processing power
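The two comment lines above are all that survives of the page’s own code sample. What follows is an added example, not the page’s code: a complete salted hash-and-verify pair using PBKDF2-HMAC-SHA256, which the list accepts as the fallback when bcrypt and scrypt are unavailable and which Python’s standard library provides, followed by a demonstration of the \0 truncation problem described in the bcrypt item above. The iteration count, the stored record format and the "demo-N" candidate passwords are assumptions of the example, and as_c_string() is a model of how a C-string API such as bcrypt sees its input, not a call into bcrypt itself.

```python
"""Password storage: PBKDF2-HMAC-SHA256 with a per-user random salt, plus a
demonstration of the bcrypt pre-hashing pitfall.

Added example, not code from the original page. PBKDF2 is used because it is
in the Python standard library; where bcrypt or scrypt are available the page
(rightly) prefers them. The iteration count is an assumption to tune per
deployment."""
import base64
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumption: pick the largest value your login path tolerates
SALT_BYTES = 16


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record "pbkdf2_sha256$iterations$salt$hash".

    Storing the parameters beside the hash lets you raise the cost later and
    re-hash each user transparently on their next successful login.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iterations, salt_b64, dk_b64 = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
        iterations = int(iterations)
    except (ValueError, TypeError):
        return False  # malformed record: treat as a failed login, never as a match
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


# --- Why "don't feed bcrypt the raw output of hash()" matters ----------------

def as_c_string(data: bytes) -> bytes:
    """Model of a C-string API such as bcrypt: the input ends at the first NUL."""
    nul = data.find(b"\x00")
    return data if nul < 0 else data[:nul]


def prehash_raw(password: str) -> bytes:
    """Equivalent of PHP hash('sha256', $password, true): 32 raw bytes, any may be \\0."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def prehash_b64(password: str) -> bytes:
    """Equivalent of base64_encode(hash('sha256', $password, true)): 44 printable
    bytes, never a NUL, and comfortably inside bcrypt's 72-byte input limit."""
    return base64.b64encode(prehash_raw(password))


def nul_truncation_demo(limit: int = 10_000) -> dict:
    """Search constructed passwords "demo-0", "demo-1", ... for one whose raw
    SHA-256 digest contains a NUL byte (roughly one in eight does), then report
    how much of each pre-hash a bcrypt-style consumer would actually process."""
    for i in range(limit):
        pw = "demo-%d" % i
        raw = prehash_raw(pw)
        if b"\x00" in raw:
            return {
                "password": pw,
                "raw_len": len(raw),
                "raw_seen_by_bcrypt": len(as_c_string(raw)),
                "b64_len": len(prehash_b64(pw)),
                "b64_seen_by_bcrypt": len(as_c_string(prehash_b64(pw))),
            }
    raise RuntimeError("no NUL-containing digest found; raise limit")


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec))  # True
    print(verify_password("Tr0ub4dor&3", rec))  # False
    print(nul_truncation_demo())
```

The demo finds a password whose raw digest would be cut short by bcrypt, sometimes to just a few bytes, while the base64 form of the same digest always arrives intact at 44 bytes. Whatever KDF you settle on, keep the cost parameter stored next to the hash so you can raise it without a forced reset.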
I wanted to erase and overwrite the data on some hard disks because I need to downgrade my RAID 5 from three 4TB WD Red drives to only two. The erase function in the web GUI doesn’t work; it shows a message along the lines of “not possible with your drive”. I searched and found an alternative:
dd if=/dev/zero of=/dev/sdX bs=1M conv=noerror
To identify the disk, use fdisk and/or hdparm:
To keep dd running after the SSH connection is closed, use nohup:
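The wipe the dd command performs, as an added example that is not part of the original post, written as a small Python tool rather than a one-liner so that two points the one-liner hides are explicit. First, dd’s conv=noerror only affects read errors on the input, and /dev/zero never fails to read, so a write error on the target disk still aborts dd; this tool records the failing block and keeps going. Second, a wipe is only complete once the disk has been read back and found to be all zeros. The 1 MiB block size mirrors bs=1M; the temp-file self-test and the confirm-by-retyping-the-path prompt are the example’s own choices. The post’s other two steps apply unchanged: identify the disk first (fdisk -l and hdparm -I /dev/sdX are the listing forms of the tools the post names), and run this under nohup, or inside a screen/tmux session, so it survives the SSH session ending.

```python
"""Zero-fill a block device the way `dd if=/dev/zero of=/dev/sdX bs=1M` does,
then read it back to confirm every block is zero.

Added example, not the post's own command. Destructive when pointed at a real
device; run the self-test (no arguments) first, and as root for /dev/sdX.
"""
import os
import sys
import tempfile

BLOCK = 1024 * 1024  # 1 MiB, the same as bs=1M


def _size_of(fd):
    """Size in bytes of a regular file or block device (seek to the end)."""
    size = os.lseek(fd, 0, os.SEEK_END)
    os.lseek(fd, 0, os.SEEK_SET)
    return size


def zero_fill(path, block=BLOCK):
    """Overwrite `path` with zeros in `block`-sized writes.

    Returns (bytes_written, failed_offsets). Unlike dd, which stops at the
    first write error, a failing block is recorded and skipped so the rest of
    the disk still gets wiped; a non-empty failure list usually means the
    drive is dying and the caller must decide whether that is acceptable.
    """
    zeros = bytes(block)
    failed = []
    written = 0
    fd = os.open(path, os.O_WRONLY)
    try:
        size = _size_of(fd)
        off = 0
        while off < size:
            chunk = zeros[: min(block, size - off)]
            try:
                done = 0
                while done < len(chunk):  # pwrite may write fewer bytes than asked
                    done += os.pwrite(fd, chunk[done:], off + done)
                written += len(chunk)
            except OSError:
                failed.append(off)
            off += len(chunk)
        os.fsync(fd)  # zeros must reach the platters, not just the write cache
    finally:
        os.close(fd)
    return written, failed


def verify_zeroed(path, block=BLOCK):
    """Read `path` back; return offsets of blocks containing any non-zero byte."""
    dirty = []
    fd = os.open(path, os.O_RDONLY)
    try:
        size = _size_of(fd)
        off = 0
        while off < size:
            chunk = os.pread(fd, min(block, size - off), off)
            if not chunk:
                break
            if any(chunk):  # any() over bytes is True if some byte is non-zero
                dirty.append(off)
            off += len(chunk)
    finally:
        os.close(fd)
    return dirty


def demo_on_tempfile(size=3 * BLOCK + 512):
    """Self-test: a temporary file of random bytes stands in for /dev/sdX."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(os.urandom(size))
        dirty_before = len(verify_zeroed(path))
        written, failed = zero_fill(path)
        dirty_after = len(verify_zeroed(path))
        return {"size": size, "dirty_before": dirty_before, "written": written,
                "failed": failed, "dirty_after": dirty_after}
    finally:
        os.unlink(path)


if __name__ == "__main__":
    if len(sys.argv) == 1:
        print(demo_on_tempfile())
        sys.exit(0)
    target = sys.argv[1]
    print("This will destroy everything on %s. Type the path to continue:" % target)
    if input().strip() != target:
        sys.exit("aborted")
    written, failed = zero_fill(target)
    dirty = verify_zeroed(target)
    print("wrote %d bytes, %d failed writes, %d non-zero blocks on read-back"
          % (written, len(failed), len(dirty)))
    sys.exit(1 if failed or dirty else 0)
```

One caveat the host-side approach shares with the dd command: sectors the drive’s firmware has already remapped are no longer addressable from the host and are not overwritten by either. hdparm’s ATA Secure Erase (--security-erase) is the way to reach those if the disks are leaving your hands rather than just being repurposed.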