[joomla] Test your passwords

David Roth davidalanroth at gmail.com
Fri Jul 6 16:52:54 EDT 2012


For added security I protect the /administrator with .htaccess username and
password.

For MySQL I use one of those long password generators for the db user.

16 characters or more sounds like a good idea too.

David Roth
On Jul 6, 2012 2:58 PM, "Scott Wolpow" <scott at wolpow.com> wrote:

>  We know the MD5 was vulnerable.
>
> All the more reason to move away from it.
> Or better yet, be able to choose our own hash.
>
> SW
>
> On 7/6/2012 2:38 PM, Gary Mort wrote:
>
> Think your Joomla! password is secure?  Here is a simple test [assuming it
> is under 15 characters long]
>
>  Go to http://hashcat.net/hashcat-gui/ and download hashcat-gui for your
> operating system.
>
>  To check just YOUR password, run the gui, use either plus or lite, and
> enter your password hash [from the database] in the field.  Select the
> Joomla hash type - and then go ahead and run the cracker.   See how long it
> takes to figure out your password.
>
>  If you're using a dictionary method, you'll need one or more wordlists,
>  you can get some dictionaries from
> http://www.skullsecurity.org/wiki/index.php/Passwords
>
>  If you have a website with lots of users that you want to check, instead
> you can run
> select `password` from #__users [replace #__ with your prefix. :-)] - and
> export the list to a text file to give to oclhashplus
>
>  Most password crackers around are limited to passwords of less than 16
> chars [because beyond that, the algorithms change for efficient lookups] -
> so while making your own passwords greater than 16 chars doesn't mean
> instant security, it does mean that it is beyond the scope of script
> kiddies who just download crackers from the internet and don't know how to
> write their own.
>
>
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>
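
An added example, not part of any poster's message: a small audit of an exported `password` column (the export described in the quoted post) that counts how many accounts still use MD5-based storage, plus a check of a password you already know against your own entry. It assumes the salted-MD5 layout Joomla used at the time, `md5(password + salt):salt`; the function names are hypothetical and the sample values are constructed.

```python
import hashlib
import hmac
import re
from collections import Counter

# Salted-MD5 layout Joomla used at the time: md5(password + salt) ":" salt
LEGACY = re.compile(r"^[0-9a-f]{32}:.+$", re.IGNORECASE)
PLAIN_MD5 = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)
BCRYPT = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")


def classify(stored):
    """Label one exported `password` value by its storage scheme."""
    stored = stored.strip()
    if LEGACY.match(stored):
        return "salted-md5"
    if PLAIN_MD5.match(stored):
        return "unsalted-md5"
    if BCRYPT.match(stored):
        return "bcrypt"
    return "unknown"


def verify_legacy(password, stored):
    """Check a password you already know against a salted-MD5 entry."""
    digest, _, salt = stored.strip().partition(":")
    candidate = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate, digest.lower())


def audit(lines):
    """Count schemes in an exported list, one stored value per line."""
    return dict(Counter(classify(line) for line in lines if line.strip()))


def _make_legacy(password, salt):
    # Helper used only to construct the sample data below.
    return hashlib.md5((password + salt).encode("utf-8")).hexdigest() + ":" + salt


# Constructed sample export; none of these values come from a real site.
SAMPLE = [
    _make_legacy("correct horse battery", "Zq3xExampleSaltExampleSalt000001"),
    _make_legacy("letmein", "Zq3xExampleSaltExampleSalt000002"),
    hashlib.md5(b"letmein").hexdigest(),
    "$2y$10$" + "A" * 53,
]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(verify_legacy("letmein", SAMPLE[1]))
```

Any row reported as `salted-md5` or `unsalted-md5` is a candidate for a forced reset or rehash on next login.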