Passwords

Don’ts

  • Don’t limit what characters users can enter for passwords. Only idiots do this.
  • Don’t limit the length of a password. If your users want a sentence with supercalifragilisticexpialidocious in it, don’t prevent them from using it.
  • Never store your users’ passwords in plain text.
  • Never email a password to your users, except a temporary one when they have lost theirs.
  • Never, ever log passwords in any manner.
  • Never hash passwords with SHA1 or MD5 or even SHA256! Modern crackers can exceed 60 and 180 billion hashes/second (respectively).
  • Don’t feed the raw binary output of hash() into bcrypt; either use hex output or base64_encode it first. (This applies to any input that may contain a rogue \0 byte: bcrypt treats its input as a C string and stops at the first \0, which can seriously weaken security.)

Dos

  • Use scrypt when you can; bcrypt if you cannot.
  • Use PBKDF2 if you cannot use either bcrypt or scrypt, with SHA2 hashes.
  • Reset everyone’s passwords when the database is compromised.
  • Implement a reasonable 8-10 character minimum length, plus require at least 1 upper case letter, 1 lower case letter, a number, and a symbol. This will improve the entropy of the password, in turn making it harder to crack. (See the “What makes a good password?” section for some debate.)

PHP

// Generate or verify salted bcrypt hashes.
// Pass the stored hash as $salt to re-hash a candidate password for verification.
function crypt2($password, $salt = "") {

    if ($salt === "") {
        // A higher "cost" is more secure but consumes more processing power
        $cost = 10;

        // Create a random 22-character salt from the bcrypt alphabet [./A-Za-z0-9].
        // random_bytes() (PHP >= 7.0) replaces mcrypt_create_iv(), which was removed in PHP 7.2.
        $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);

        // Prefix information about the hash so PHP knows how to verify it later.
        // "$2y$" means the Blowfish (bcrypt) algorithm; the following two digits are the cost parameter.
        // ($2y$ is the corrected identifier for the $2a$ scheme and is preferred on PHP >= 5.3.7.)
        $salt = sprintf('$2y$%02d$', $cost) . $salt;
    }

    // Hash the password with the salt. crypt() uses only the prefix and the first 22 salt
    // characters, so passing a full stored hash as $salt re-creates the same hash for verification.
    $hash = crypt($password, $salt);

    return $hash;
}

// Save password
$hash = crypt2($user_password); // hash the password with a fresh random salt
// The hash contains only [./A-Za-z0-9$], but prefer a parameterised query over string concatenation.
dbquery("UPDATE users SET user_hash='".$hash."' WHERE user_id='1'");

// Login
$sql = "SELECT user_hash FROM users WHERE user_loginname='Admin' LIMIT 1";
[...]
$data = dbarray($result);

// Re-hash the submitted password with the stored hash as salt and compare in constant time
// (hash_equals() requires PHP >= 5.6).
if (hash_equals($data['user_hash'], crypt2($user_pass, $data['user_hash']))) {
    // Ok!
}
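The Dos list above is language-independent, so here is an added Python illustration of it (not code from the original post): scrypt when the runtime offers it, PBKDF2 with SHA-256 otherwise, a random salt, text-encoded output so no \0 byte ever reaches storage, and a constant-time comparison on verification. The work factors and the record format are my own choices.

```python
import base64
import hashlib
import hmac
import os

# Work factors chosen for this example (assumptions; tune them to your hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
PBKDF2_ROUNDS = 600_000
DKLEN = 32


def _b64(raw):
    # Text-encode raw KDF output so a stored record never carries a NUL byte.
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, salt=None, use_scrypt=hasattr(hashlib, "scrypt")):
    """Return a self-describing text record: kdf$params...$salt$hash."""
    salt = os.urandom(16) if salt is None else salt
    pw = password.encode("utf-8")  # no character or length limit on the password
    if use_scrypt:  # "use scrypt when you can"
        dk = hashlib.scrypt(pw, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
        return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${_b64(salt)}${_b64(dk)}"
    # "PBKDF2 with SHA2 if you cannot"
    dk = hashlib.pbkdf2_hmac("sha256", pw, salt, PBKDF2_ROUNDS, DKLEN)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${_b64(salt)}${_b64(dk)}"


def verify_password(password, record):
    """Recompute the KDF with the parameters stored in the record; compare in constant time."""
    fields = record.split("$")
    pw = password.encode("utf-8")
    try:
        if fields[0] == "scrypt" and len(fields) == 6:
            n, r, p = (int(x) for x in fields[1:4])
            salt, expected = base64.b64decode(fields[4]), base64.b64decode(fields[5])
            dk = hashlib.scrypt(pw, salt=salt, n=n, r=r, p=p, dklen=len(expected))
        elif fields[0] == "pbkdf2_sha256" and len(fields) == 4:
            salt, expected = base64.b64decode(fields[2]), base64.b64decode(fields[3])
            dk = hashlib.pbkdf2_hmac("sha256", pw, salt, int(fields[1]), len(expected))
        else:
            return False  # unknown KDF or malformed record
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(dk, expected)
```

Because the record names its own KDF and parameters, work factors can be raised later without invalidating existing hashes.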

white-space: pre-wrap doesn’t work in Internet Explorer

Today I noticed that our Knowledge Base looks ugly in Internet Explorer. It seems that it ignores the following CSS attribute:

white-space: pre-wrap

After a few tests I found out that by default IE uses compatibility mode for intranet pages. OMG…

There are two ways to change this. First, you can add a meta tag to every page:

<meta http-equiv="X-UA-Compatible" content="IE=Edge" />

or you can use the Apache module mod_headers, which is my choice:

1. Change the Apache2 config to load the headers_module:

LoadModule headers_module modules/mod_headers.so

2. Now change the vhost.conf and add the header:

Header set X-UA-Compatible "IE=Edge"

3. Reload Apache2.

ODD drive is not recognized in Windows 8.x/10

After you install Windows 8.x or Windows 10, you may find the CD/DVD drive is not recognized. Resolution:

Open Command Prompt as an Administrator and run the following command:

reg.exe add "HKLM\System\CurrentControlSet\Services\atapi\Controller0" /f /v EnumDevice1 /t REG_DWORD /d 0x00000001

Reboot the system and verify that the problem has been resolved.

Disabling the Apple HFS driver helps with Veeam Endpoint Backup and VSS errors

Do you have problems with Veeam Endpoint Backup, or does Windows Backup fail with VSS error 12289 on an iMac? Just disable the Apple HFS driver and reboot. I use Autoruns from Sysinternals for that:

After that you have no access to the OS X HFS partitions, but for me this is no problem. I have never used them.

Install IPKG on a Synology DS415play

I searched for an easy guide to install ipkg on my Synology DS415play with Intel Atom CPU. I found a guide by Edward P:

Connect to your NAS as root through SSH
Go to a temporary folder, for example:

cd /volume1/@tmp

Download the bootstrap script:

wget http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/syno-i686-bootstrap_1.2-7_i686.xsh

Make the downloaded script file executable:

chmod +x syno-i686-bootstrap_1.2-7_i686.xsh

Execute the bootstrap script:

sh syno-i686-bootstrap_1.2-7_i686.xsh

Installation should now be completed. To test it, run:

ipkg update

Enjoy.

Erase and overwrite Disk on Synology DiskStation

I wanted to erase and overwrite the data on some hard disks because I needed to downgrade my RAID 5 from three 4TB WD Red drives to only two. The erase function in the web GUI doesn’t work; it shows some message like “don’t possible with your drive”. I searched and found an alternative:

dd if=/dev/zero of=/dev/sdX bs=1M conv=noerror

To identify the disk use fdisk and/or hdparm:

fdisk -l
hdparm -I /dev/sdX

To keep the dd command running after the SSH connection is closed, use nohup:

nohup dd if=/dev/zero of=/dev/sdX bs=1M conv=noerror

Add a physical disk to VMware Fusion

1. Get Disk-ID from Disk Utility.app (“disk1” in my case)
2. Open Terminal
3. Change the current directory to:

/Applications/VMware Fusion.app/Contents/Library/

4. Run vmware-rawdiskCreator with the right disk. This will create a new external-hdd.vmdk file in your home folder:

./vmware-rawdiskCreator create /dev/disk1 fullDevice ~/external-hdd ide

5. Open the VM config file (*.vmx) with TextEdit and add the following lines:

ide1:1.present = "TRUE"
ide1:1.fileName = "external-hdd.vmdk"

6. Save and quit.