$bLOG

Passwords

Don’ts

Don’t limit what characters users can enter for passwords. Only idiots do this.
Don’t limit the length of a password. If your users want a sentence with supercalifragilisticexpialidocious in it, don’t prevent them from using it.
Never store your user’s password in plain-text.
Never email a password to your user except when they have lost theirs, and you sent a temporary one.
Never, ever log passwords in any manner.
Never hash passwords with SHA1 or MD5 or even SHA256! Modern crackers can exceed 60 and 180 billion hashes/second (respectively).
Don’t mix bcrypt and with the raw output of hash(), either use hex output or base64_encode it. (This applies to any input that may have a rogue \0 in it, which can seriously weaken security.)

Dos

Use scrypt when you can; bcrypt if you cannot.
Use PBKDF2 if you cannot use either bcrypt or scrypt, with SHA2 hashes.
Reset everyone’s passwords when the database is compromised.
Implement a reasonable 8-10 character minimum length, plus require at least 1 upper case letter, 1 lower case letter, a number, and a symbol. This will improve the entropy of the password, in turn making it harder to crack. (See the “What makes a good password?” section for some debate.)

PHP

// Generate or return salted passwords
function crypt2($password, $salt = "") {

    if($salt == "") {
        // A higher "cost" is more secure but consumes more processing power
        $cost = 10;
        
        // Create a random salt
        $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');

        // Prefix information about the hash so PHP knows how to verify it later.
        // "$2a$" Means we're using the Blowfish algorithm. The following two digits are the cost parameter.
        $salt = sprintf("$2a$%02d$", $cost) . $salt;
    }
        
    // Hash the password with the salt
    $hash = crypt($password, $salt);

    return $hash;
    
}

// Generate or return salted passwords

function crypt2($password, $salt = "") {

if($salt == "") {

// A higher "cost" is more secure but consumes more processing power

$cost = 10;

// Create a random salt

$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');

// Prefix information about the hash so PHP knows how to verify it later.

// "$2a$" Means we're using the Blowfish algorithm. The following two digits are the cost parameter.

$salt = sprintf("$2a$%02d$", $cost) . $salt;

}

// Hash the password with the salt

$hash = crypt($password, $salt);

return $hash;

}

// Save password
$hash = crypt2($user_password); // hash the password with salt
dbquery("UPDATE users SET user_hash='".$hash."' WHERE user_id='1'");

// Save password

$hash = crypt2($user_password); // hash the password with salt

dbquery("UPDATE users SET user_hash='".$hash."' WHERE user_id='1'");

// Login
$sql = "SELECT user_hash FROM users WHERE user_loginname='Admin' LIMIT 1";
[...]
$data = dbarray($result);

if (hash_equals($data['user_hash'], crypt2($user_pass, $data['user_hash']))) {
    // Ok!
}

// Login

$sql = "SELECT user_hash FROM users WHERE user_loginname='Admin' LIMIT 1";

[...]

$data = dbarray($result);

if (hash_equals($data['user_hash'], crypt2($user_pass, $data['user_hash']))) {

// Ok!

}

Via: stackoverflow.com, alias.io

Disable the Lock Screen on Windows 10

Open Group Policy Editor (gpedit.msc), goto Computer Configuration > Administrative Templates > Control Panel > Personalization > Do not display the lock screen

Replace SMD switch in car remote door control

I replaced all 6 x 3.5 x 4.3mm SMD switches in my car remote door control with new ones:

white-space: pre-warp don’t work at Internet Explorer

Today i noticed that our Knowledge Base looks ugly at Internet Explorer. It seems that he ignoring the following CSS attribute:

white-space: pre-warp

1	white-space: pre-warp

After a few test I found out, that by default IE use for intranet page the compatibility mode. OMG…

There are two ways to change this. First you can add a meta attribute the every page:

<meta http-equiv="X-UA-Compatible" content="IE=Edge" />

1	<meta http-equiv="X-UA-Compatible" content="IE=Edge" />

or you can use the Apache Module mod_headers which is my choise:
1. Change Apache2 Config to load the headers_module

LoadModule headers_module modules/mod_headers.so

1	LoadModule headers_module modules/mod_headers.so

Change now the vhost.conf and add the Header

Header set X-UA-Compatible “IE=Edge”

1	Header set X-UA-Compatible “IE=Edge”

Reload Apache2

ODD drive is not recognized in Windows 8.x/10

After you install Windows 8.x or Windows 10, you may find the CD/DVD drive is not recognized. Resolution:

Open Command Prompt as an Administrator and run the following command:

reg.exe add "HKLM\System\CurrentControlSet\Services\atapi\Controller0" /f /v EnumDevice1 /t REG_DWORD /d 0x00000001

1	reg.exe add "HKLM\System\CurrentControlSet\Services\atapi\Controller0" /f /v EnumDevice1 /t REG_DWORD /d 0x00000001

Reboot the system and verify if the problem has been resolved.

Via: blogs.technet.com

Disable Apple HFS driver helps with Veeam Entpoint Backup and VSS errors

Do you have problems with Veeam Entpoint Backup or Windows Backup fails with VSS error 12289 on a iMac? Just disable the Apple HFS driver and reboot. I use Autoruns from Sysinternals for that:

After that you have no access to the OS X HFS partitions, but for me this is no problem. I haven’t use that any time.

Via: www.tenforums.com

Install IPKG on a Synology DS415play

I search for a easy guid to install ipkg on my Synology DS415play with Intel Atom CPU. I found a guid by Edward P:

Connect to your NAS as root through SSH
Go to a temporary folder, for example:

cd /volume1/@tmp

1	cd /volume1/@tmp

Download the bootstrap script:

wget http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/syno-i686-bootstrap_1.2-7_i686.xsh

1	wget http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/syno-i686-bootstrap_1.2-7_i686.xsh

Make the downloaded script file executable:

chmod +x syno-i686-bootstrap_1.2–7_i686.xsh

1	chmod +x syno-i686-bootstrap_1.2–7_i686.xsh

Execute the bootstrap script:

sh syno-i686-bootstrap_1.2–7_i686.xsh

1	sh syno-i686-bootstrap_1.2–7_i686.xsh

Installation should now be completed. To test it, run:

ipkg update

1	ipkg update

Enjoy.

Via: medium.com

Erase and overwrite Disk on Synology DiskStation

I wanted to erase and overwrite the data on some hard disks that I need to downgrade my RAID 5 from three 4TB WD Red to only two. The erase function on the webgui doesn’t work – something message like “don’t possible with your drive”. I search and found an alternative:

dd if=/dev/zero of=/dev/sdX bs=1M conv=noerror

1	dd if=/dev/zero of=/dev/sdX bs=1M conv=noerror

To identify the disk use fdisk and/or hdparm:

fdisk -l

fdisk -l

hdparm -I /dev/sdX

1	hdparm -I /dev/sdX

To run the dd command furthermore after disconnection from the SSH connection, use nohup:

nohup dd if=/dev/zero of=/dev/sdX bs=1M conv=noerror

1	nohup dd if=/dev/zero of=/dev/sdX bs=1M conv=noerror

Add a physical disk to VMware Fusion

1. Get Disk-ID from Disk Utility.app (“disk1” in my case)
2. Open Terminal
3.Change current directory to:

/Applications/VMware Fusion.app/Contents/Library/

1	/Applications/VMware Fusion.app/Contents/Library/

4. Run vmware-rawdiskCreator with the right disk. This will create a new external-hdd.vmdk file in your home folder:

./vmware-rawdiskCreator create /dev/disk1 fullDevice ~/external-hdd ide

1	./vmware-rawdiskCreator create /dev/disk1 fullDevice ~/external-hdd ide

5. Open Vm Config file (*.vmx) with TextEdit and add following lines:

ide1:1.present = "TRUE"
ide1:1.fileName = "external-hdd.vmdk"

1 2	ide1:1.present = "TRUE" ide1:1.fileName = "external-hdd.vmdk"

6. save and quit

Via: techrem.blogspot.de