NYCPHP Meetup

NYPHP.org

[joomla] Test your passwords

David Roth davidalanroth at gmail.com
Fri Jul 6 17:38:39 EDT 2012


.htaccess is a function of the Apache server which runs on Linux and the
Mac. You want to create a file named .htaccess and place it in the
directory you want to protect. In this case it would be /administrator.
Google for how to password protect a directory with .htaccess. I'd give the
details now but I'm away from my desk on my cell phone.

David Roth
On Jul 6, 2012 5:22 PM, "Helvécio da Silva" <helvecio.rj at gmail.com> wrote:

> How do I run that on a Mac?
>
> 2012/7/6 David Roth <davidalanroth at gmail.com>
>
>> For added security I protect the /administrator with .htaccess username
>> and password.
>>
>> For MySQL I use one of those long password generators for the db user.
>>
>> 16 characters or more sounds like a good idea too.
>>
>> David Roth
>> On Jul 6, 2012 2:58 PM, "Scott Wolpow" <scott at wolpow.com> wrote:
>>
>>>  We know the MD5 was vulnerable.
>>>
>>> All the more reason to move away from it.
>>> Or better yet, be able to choose our own hash.
>>>
>>> SW
>>>
>>> On 7/6/2012 2:38 PM, Gary Mort wrote:
>>>
>>> Think your Joomla! password is secure?  Here is a simple test [assuming
>>> it is under 15 characters long]
>>>
>>>  Go to http://hashcat.net/hashcat-gui/ and download hashcat-gui for
>>> your operating system.
>>>
>>>  To check just YOUR password, run the GUI, use either plus or lite,
>>> and enter your password hash [from the database] in the field.  Select the
>>> Joomla hash type - and then go ahead and run the cracker.   See how long it
>>> takes to figure out your password.
>>>
>>>  If you're using a dictionary method, you'll need one or more wordlists,
>>>  you can get some dictionaries from
>>> http://www.skullsecurity.org/wiki/index.php/Passwords
>>>
>>>  If you have a website with lots of users that you want to check,
>>> instead you can run
>>> select `password` from #__users [replace #__ with your prefix. :-)] -
>>> and export the list to a text file to give to oclhashplus
>>>
>>>  Most password crackers around are limited to passwords of less than 16
>>> chars [because beyond that, the algorithms change for efficient lookups] -
>>> so while making your own passwords greater than 16 chars doesn't mean
>>> instant security, it does mean that it is beyond the scope of script
>>> kiddies who just download crackers from the internet and don't know how to
>>> write their own.
>>>
>>>
>>> _______________________________________________
>>> New York PHP SIG: Joomla! Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/joomla
>>>
>>> NYPHPCon 2006 Presentations Online
>>> http://www.nyphpcon.com
>>>
>>> Show Your Participation in New York PHP
>>> http://www.nyphp.org/show_participation.php
>>
>
>
>
> --
> Helvecio "Elvis" da Silva
> Rio de Janeiro - Brasil - helvecio.rj at gmail.com
> http://www.helvecio.com - http://blog.helvecio.com
>
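
The .htaccess protection for /administrator described at the top of this message, written out as an added example that is not part of the original thread. It assumes Apache 2.4 with mod_ssl loaded and `AllowOverride AuthConfig` in effect for the directory; the file path, user name and realm name are placeholders.

```apache
# File: <joomla root>/administrator/.htaccess
# Added example; path, user name and realm below are placeholders.
#
# 1. Create the credentials file OUTSIDE the web root with Apache's
#    htpasswd tool (shipped with Apache on Linux and on the Mac):
#
#      htpasswd -B -c /home/example/private/htpasswd-joomla siteadmin
#
#    -B stores a bcrypt hash instead of the MD5-based default,
#    -c creates the file (leave -c off when adding more users).
#
# 2. Put the directives below in this .htaccess file.

AuthType Basic
AuthName "Joomla administrator"

# Absolute filesystem path, not a URL. Keeping it outside the document
# root means the hash file can never be requested over HTTP.
AuthUserFile /home/example/private/htpasswd-joomla

# Any user listed in the file may proceed to Joomla's own login form.
Require valid-user

# Basic auth sends the password base64-encoded, not encrypted, on every
# request, so refuse plain-HTTP access to this directory (needs mod_ssl).
SSLRequireSSL

# Never serve .htaccess/.htpasswd-style files themselves.
# Apache 2.4 syntax; on 2.2 the equivalent is "Order allow,deny" plus
# "Deny from all".
<Files ".ht*">
    Require all denied
</Files>
```

This adds a second, independent login in front of Joomla's own, so the database user and the Joomla accounts should still get the long generated passwords discussed in the thread.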