php – password_verify does not validate passwords with more than one character

I have a problem verifying entered passwords that have two or more characters.
I have a varchar(255) password field in the database; I fill it with
password_hash($_POST['login'], PASSWORD_DEFAULT) and check it with
password_verify($_POST['password'], $password). The fact is that if I enter the password "a", it is verified without problems, but if the password is "aa", it is no longer verified. This is very disturbing; I would understand if it did not work at all, but that it only works with one-character passwords seems pretty rare.
This is the query to the database:

public function existeUsuario($usuario) {
        self::accesoDB();
        $registro = null;
        try {
            $consulta = "SELECT * FROM Usuarios WHERE usuario = :usuario";
            $resultado = self::$conexion->prepare($consulta);
            $resultado->bindParam(":usuario", $usuario);
            $resultado->execute();
            if ($resultado->rowCount() > 0) {
                $registro = $resultado->fetchall();
            }
            return $registro;
        } catch (PDOException $e) {
            echo "Código de error: " . $e->getCode() . "\n";
            echo "Mensaje: " . $e->getMessage() . "\n";
            echo "Línea: " . $e->getLine() . "\n";
            echo "Procedencia " . $e->getTraceAsString() . "\n";
        }
    }

This is the query to create the user:

public function nuevoUsuario($usuario, $password) {
        self::accesoDB();
        try {
            if (!self::existeUsuario($usuario)) {
                $consulta = "INSERT INTO Usuarios (usuario, password)"
                        . " VALUES (:usuario, :password)";
                $resultado = self::$conexion->prepare($consulta);
                $resultado->bindParam(":usuario", $usuario);
                $resultado->bindParam(":password", $password);
                $resultado->execute();
                return true;
            } else {
                return false;
            }
        } catch (PDOException $e) {
            echo "Código de error: " . $e->getCode() . "\n";
            echo "Mensaje: " . $e->getMessage() . "\n";
            echo "Línea: " . $e->getLine() . "\n";
            echo "Procedencia " . $e->getTraceAsString() . "\n";
        }
    }

The code to create the password is:

                $registro = DB::existeUsuario($_POST['login']);
                if (!$registro == null) {
                    $mensaje = "Ese usuario ya existe, por favor introduzca otro.";
                } else {
                    // Encrypt the password
                    $passwordHash = password_hash($_POST['login'], PASSWORD_DEFAULT);
                    $resultado = DB::nuevoUsuario($_POST['login'], $passwordHash);
                }

The code for confirming the password is:

 $registro = DB::existeUsuario($_POST['login']);
 // If the data entered is correct, show the page options
  if ($registro != null) {
  // Retrieve from the database the data of the user with that login
      foreach ($registro as $datos) {
         $login = $datos[0];
         $password = $datos[1];
         // Check that the entered password matches the one stored as a hash
         if (password_verify($_POST['password'], $password)) {
            $mensaje = "Contraseña correcta.";
         }
      }
  }
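
The two snippets above read different form fields: registration hashes `login`, while the check verifies `password`. The following added example (not part of the original post) runs both variants side by side; `$form` stands in for `$_POST`, and the function names and account values are constructed for illustration.

```php
<?php
// Added example, not the poster's code. $form stands in for $_POST;
// the accounts below are constructed sample input.

// Registration as posted: the hash is computed from the 'login' field.
function registerAsPosted(array $form): string {
    return password_hash($form['login'], PASSWORD_DEFAULT);
}

// Registration with the hash computed from the 'password' field.
function registerFixed(array $form): string {
    return password_hash($form['password'], PASSWORD_DEFAULT);
}

// Login check: the same password_verify() call as in the post.
function checkLogin(array $form, string $storedHash): bool {
    return password_verify($form['password'], $storedHash);
}

$accounts = [
    ['login' => 'a',     'password' => 'a'],   // fields equal: verifies either way
    ['login' => 'a',     'password' => 'aa'],  // fields differ: posted variant fails
    ['login' => 'maria', 'password' => 'correct horse'],
];

foreach ($accounts as $form) {
    $posted = checkLogin($form, registerAsPosted($form));
    $fixed  = checkLogin($form, registerFixed($form));
    printf("login=%-6s password=%-14s as posted: %-4s fixed: %s\n",
        $form['login'], $form['password'],
        $posted ? 'ok' : 'fail', $fixed ? 'ok' : 'fail');
}

// Consequence of the posted registration: the stored hash is a hash of the
// login name, so the column does not protect the real password at all.
$hash = registerAsPosted(['login' => 'maria', 'password' => 'correct horse']);
var_dump(password_verify('maria', $hash));
var_dump(password_verify('correct horse', $hash));
```

Password length plays no part in the result; only whether the two fields happen to hold the same string.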





Passwords – PUTTY – Unsafe SSH Client?

In the context of ssh, "credentials" can have two meanings.

Plaintext password

It is true that storing a password as plaintext, i.e. without encryption or anything, is at least a bad practice for security reasons. However, encrypting it correctly is simply impossible: PuTTY has to access it somehow when it authenticates to the remote server. It would have to be decrypted for that. It does not matter how that is done; a potential attacker could do the same. Encrypting the password would be security through obscurity, so it would not bring much security gain.

Although using the same encryption or an improved SSH protocol that somehow bypasses it would obviously be better, the difference is not as great as it seems at first glance.

Public / private key pair

The public key can be sent to any location; the private key should be kept secret. In this context, the same applies to the private key as to the password: if someone can read the private key, he can also manipulate the PuTTY process to extract it for him.


The most important thing you need to know: to get the credentials, one must have access to the client computer (either as an administrator account or as a user account). With this access, even an encrypted password can be intercepted, e.g. by using a keylogger or by hacking your PuTTY process.

This is an inherent security weakness of all password- or key-based authentication systems. The only solution is for the authentication to happen on a different channel, from a system other than the one from which the connection was initiated. There are several solutions for this: multi-factor authentication or Kerberos. Most SSH programs (including PuTTY and OpenSSH servers) support the second, although it is rarely used in daily practice.

Daily practice is not giving anyone physical access to your client computer. If they have access, they can do much more than just access your SSH keys / passwords.

Save passwords and reuse them later

Let's assume the following scenario

I'm writing an application where you can log in and then provide credentials for another system, for example for your e-mail account, FTP account, etc.
The application reuses these credentials later when it tries to log in to these services to perform a specific task. These tasks run in the background through a cron script, and the user does not have to log in each time to provide credentials for these services.
This means I need to securely store the credentials. But how? I would prefer to save them in the database, but for obvious reasons they cannot be plain text. So how can I keep them safe?

Thank you very much

c – Please be for tomorrow How are passwords generated for each entered name and how is a function created to display the next password to be retrieved?

The program is based on passwords that are automatically generated for each registered user, for example a bank service desk that generates a password and displays the next password to call … The code follows below.

#include <stdio.h>
#include <stdlib.h>

struct NO{  
 char dados[100];
 int senha;  
 struct NO *prox;  
};  
typedef struct NO no;  

int tam;  

int menu(void);  
void inicia(no *FILA);  
void opcao(no *FILA, int op);  
void exibe(no *FILA);  
void exibeSenha(no *FILA);  
void libera(no *FILA);  
void adiciona(no *FILA);  
no *exclui(no *FILA);  


int main(void)  
{  
 no *FILA = (no*) malloc(sizeof(no));  
 if(!FILA){  
  printf("Sem memoria disponivel!\n");
  exit(1);  
 }else{  
 inicia(FILA);  
 int opt;  

 do{  
  opt=menu();  
  opcao(FILA,opt);  
 }while(opt);  

 free(FILA);  
 return 0;  
 }  
}  

void inicia(no *FILA)  
{  
 FILA->prox = NULL;  
 tam=0;  
}  

int menu(void)  
{  
 int opt;  

 printf("\n\nEscolha a opcao\n");
 printf("0. Sair\n");
 printf("1. Cadastrar novo cliente\n");
 printf("2. Exibir lista de clientes\n");
 printf("3, Proxinha senha a ser chamada\n");
 printf("4. Excluir cliente/senha\n\n");
 printf("Opcao: "); scanf("%d", &opt);

 return opt;  
}  

void opcao(no *FILA, int op)  
{  
 no *tmp;  
 switch(op){  
  case 0:  
   libera(FILA);  
   break;  

  case 1:  
   adiciona(FILA);  
   break;  

  case 2:  
   exibe(FILA);  
   break;  

  case 3:  
   exibeSenha(FILA);  
   break;  

  case 4:  
   tmp= exclui(FILA);  
   break;  

   default:  
   printf("Comando invalido\n\n");
 }  
}  

int vazia(no *FILA)   
{  
 if(FILA->prox == NULL)  
  return 1;  
 else  
  return 0;  
}  

no *aloca()  
{  
 no *novo=(no *) malloc(sizeof(no));  
 if(!novo){  
  printf("Sem memoria disponivel!\n");
  exit(1);
 }else{
  /* %99s limits the input to the size of dados[100], leaving room for the terminator */
  printf("\nNovo elemento: "); scanf("%99s", novo->dados);
  return novo;  
 }  
}  


void exibe(no *FILA)  
{  

 if(vazia(FILA)){  
  printf("FILA vazia!\n\n");
  return ;  
 }  
 no *tmp;  
 tmp = FILA->prox;     
 while( tmp != NULL){  

  printf("%s - ", tmp->dados);  
  tmp = tmp->prox;  
 }  


}  


void exibeSenha (no *FILA) {  
    if(vazia(FILA)) {  
        printf("Sem nenhuma senha cadastrada. Fila vazia!\n");
        return ;  
    }  



}  

void libera(no *FILA)  
{
 if(!vazia(FILA)){  
  no *proxNO,  
     *atual;  

  atual = FILA->prox;  
  while(atual != NULL){  
   proxNO = atual->prox;  
   free(atual);  
   atual = proxNO;  
  }  
 }  
}  

void adiciona(no *FILA)  
{  
 no *novo=aloca();  
 novo->prox = NULL;  

 if(vazia(FILA))  
  FILA->prox=novo;  
 else{  
  no *tmp = FILA->prox;  

  while(tmp->prox != NULL)  
   tmp = tmp->prox;  

  tmp->prox = novo;  
 }  
 tam++;  
}  


no *exclui(no *FILA)  
{  
 if(FILA->prox == NULL){
  printf("FILA ja vazia\n\n");
  return NULL;
 }else{
  /* Unlink the first node (the queue is FIFO), then free it. */
  no *primeiro = FILA->prox;
  FILA->prox = primeiro->prox;
  free(primeiro);
  tam--;
  /* Return the new head; the freed node must not be touched again. */
  return FILA->prox;
 }
} 

TWRP memory for decrypting passwords – Android Enthusiasts Stack Exchange

TWRP requires a password because your /data is encrypted, which has been preset since Android 6.

To permanently decrypt the file system, you must format /data and flash a "disable Force Encryption" package. Note that formatting /data deletes all your files, including photos, music, etc. in your internal memory.

Also, be careful when flashing other ROMs or using OTAs: /data is re-encrypted and you need to format it again. You must update the Force Encryption Disabler each time you update another ROM / OTA.

Passwords – How does nirsoft PassView work?

I've reviewed some password-cracking tutorials and came across a password-recovery tool called PassView by nirsoft. It looks like it can recover passwords that are stored in e-mail clients, web browsers, and so on. So I'm wondering how it works under the hood. I think if the passwords are stored somewhere in plain text, we can always extract them manually. Is that correct?

Passwords – Get root privileges on the web cam

I bought a webcam from aliexpress for a few dollars to hack and get root privileges. The first few attempts went well and I found out how to connect to a non-root user named default via Telnet. Now I have access to the file system, but it is not root.

Later, I noticed that there is a shell script called /home/start.sh that runs every time the camera is rebooted. The root executes this script and the default user can edit it with the VI Editor. At first I thought BINGOOO !!!!

I wrote the following command at the bottom of the file /home/start.sh, hoping to reset the root password.

echo "test" > /home/pw_reset.dat
echo "test" >> /home/pw_reset.dat
passwd root < /home/pw_reset.dat 2> /home/err.log

It did not work as expected and the error message was something like this:

/etc/passwd read-only file system …

Googling this error message, I have come up with a command to mount the root disk with read rights:

mount -o remount,rw /

That did not help me... now I'm stuck and need your help, guys. The Linux running on the webcam does not support many commands; for example, chown cannot be found.

Please tell me your ideas and examples of what I can keep trying to get root access.

The start.sh script is run by root. What kind of Hacky Hack do I need to change root pw? thank you in advance

phpmyadmin – Problem with encrypting passwords in MySQL

When I submit my form information to the database, no records are saved because of the function password_hash; I only get the following error:
Notice: Only variables should be passed by reference in C:\wamp64\www\Practica HTML\insertar.php on line 15

I would appreciate your help since I was stuck for a while.

This is the PHP connection:

<?php
    try {
        // The connection code is missing from the page; $PDO is the PDO connection.
        $sql = $PDO->prepare("INSERT INTO prueba1(nombre, email, clave, comentario) VALUES (:nombre, :email, :clave, :comentario)");
        if (!$sql) {
            echo "\nPDO::errorInfo():\n";
            print_r($PDO->errorInfo());
        }
        else
        {
            $sql->bindParam(':nombre', $_POST['nombre']);
            $sql->bindParam(':email', $_POST['email']);
            $sql->bindParam(':clave', password_hash($_POST['clave'], PASSWORD_DEFAULT));
            $sql->bindParam(':comentario', $_POST['comentario']);
            $sql->execute();
        }
    }
    catch(PDOException $e) {
        echo "Fallo de conexion al enviar los datos:" . $e->getMessage();
    }
?>
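
An added example, not the poster's code: the notice comes from `bindParam()` taking its second argument by reference, whereas `bindValue()` accepts the result of `password_hash()` directly. The in-memory SQLite connection (needs the pdo_sqlite extension), the `insertUser()` helper and the `$form` values are assumptions made so the block runs on its own; table and column names follow the post.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite database and a
// constructed $form array replace the poster's connection and $_POST.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE prueba1 (nombre TEXT, email TEXT, clave TEXT, comentario TEXT)');

// Constructed form input.
$form = [
    'nombre'     => 'Ana',
    'email'      => 'ana@example.com',
    'clave'      => 'sample-password',
    'comentario' => 'hola',
];

function insertUser(PDO $pdo, array $form): void {
    $sql = $pdo->prepare(
        'INSERT INTO prueba1 (nombre, email, clave, comentario)
         VALUES (:nombre, :email, :clave, :comentario)'
    );
    // bindParam() binds a variable by reference and reads it at execute();
    // bindValue() copies the value now, so an expression is accepted.
    $sql->bindValue(':nombre', $form['nombre']);
    $sql->bindValue(':email', $form['email']);
    $sql->bindValue(':clave', password_hash($form['clave'], PASSWORD_DEFAULT));
    $sql->bindValue(':comentario', $form['comentario']);
    $sql->execute();
}

insertUser($pdo, $form);

$row = $pdo->query('SELECT nombre, clave FROM prueba1')->fetch(PDO::FETCH_ASSOC);

// The column holds a hash, never the submitted password ...
var_dump($row['clave'] !== $form['clave']);
// ... and the hash verifies against the password that was submitted.
var_dump(password_verify($form['clave'], $row['clave']));
```

Assigning the hash to a variable first and passing that variable to `bindParam()` removes the notice as well.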