## Wi-Fi – How do I save Wi-Fi usernames and passwords in Android TV?

I have to change the Wi-Fi settings every time because my brother and I only have internet through our phones. That's why I need to set up my internet on the TV after using my brother's.
This is time-consuming.
It would be nice if the TV remembered the username and password. Right now it forgets everything when you change the wireless connection.

TV: Philips 65PUS8503 65" Smart 4K Ultra HD LED
Software: Latest (TPM171E_R.105.001.002.075, Date Created Mon Sep 17 14:36:13 CST 2018)

## Key Management – Assuming FDE – what are passwords that protect private GPG / SSH keys?

SSH and GPG ask for passphrases during key generation. GPG also shows (at least in my experience) a warning if one is not provided and asks for confirmation that no security is indeed desired.

So it seems important to provide such passphrases.

However, assuming full disk encryption, I cannot fully understand why.

My (probably flawed) thinking is as follows. These are the threats to private keys:

• Equipment theft; however, if someone steals a device that is off, the FDE will already protect me from it (at least until the thief is strong enough to apply rubber-hose cryptanalysis on me).
• Instantaneous physical access; but in that case, I'm hosed anyway.
• My PC is compromised: someone has managed to install malware on my device. In this case, I'm also hosed, because they can install a keylogger that steals my passphrase. And that holds even if the attacker could not root my PC!

The only scenario I can think of in which the passphrase helps is the theft of a powered-on device. Then the passphrase could actually save me, but I do not think such a scenario is very likely. On the other hand, it is annoying to have to re-enter the passphrase each time I use git or send an e-mail.

What use of passphrases that protect private SSH / GPG keys am I not aware of?

## Passwords – How Safe Is My Hash Algorithm?

This is probably the most common Stack Exchange question, but I need to know whether this is really as safe as it seems.

``````
// Password Hashing Level 1
$a_hash_user = sha1($a_username);
$a_hash_user = md5($a_username);
// last step
$a_password_combined = md5($a_user_pass);
// Final hash
``````

I'd like to create a password creation algorithm that is not crackable, or at least gives those who want all of those passwords a hard time 🙂
Tell me what you think about it.

## Credentials – How to securely store passwords in a Linux configuration file?

On my Linux system, there is a file named .fetchmailrc that configures the e-mail account from which fetchmail fetches the e-mails. Therefore, I have to enter my password and my e-mail address in plain text.

This is what the .fetchmailrc file looks like:

``````
set daemon 1
set logfile /home/user/.fetchmail.log
set no bouncemail

mda "/usr/bin/procmail -d %T"
``````

I think there needs to be a better way, because if a hacker gets access to my server, he can easily read the file and get my credentials.

I've heard that there are PAMs (Pluggable Authentication Modules) in Linux systems, but I do not know whether that is related to what I'm trying to do.

## Passwords – Is PSexec from Windows 10 still possible?

While I was playing with Responder on my private network, I managed to find the NTLMv2 hash of my host computer and even crack it using some custom rule sets and hashcat. However, I do not seem to be able to use these credentials to gain access to my computer. So far, I've tried wmiexec from Impacket, MSF PsExec, and CME, and although CME logged in to the machine (unlike the others), it did not run any of the scripts I initially entered as a parameter.

Does that mean that Windows 10 is completely safe from attackers, even if some credentials are known?

## Mac 10.13, 10.14 Where are the hash passwords?

I ran this to display the contents of a shadow file for a user:

``````
sudo plutil -p /var/db/dslocal/nodes/Default/users/.plist
``````

But when I get to Default, permission is denied, either as a user or as root. Any ideas?

## Authentication – Security of E-Mail Passwords (SMTP / POP)

There are two distinct aspects to the configuration – connection-level security and authentication-level security. Because the level of protection (TLS) protects both, authentication level security is typically low (Normal Password). As long as you use TLS (SMTP / POP / IMAP over either SSL / TLS or STARTTLS) everything is fine.

## Why?

Before SSL / TLS / STARTTLS became commonplace, credentials were the only part of the connection that people were protecting. As you say, e-mails can be sent unencrypted as soon as they leave your server. People were therefore not very worried about the potential for them to be read. However, they were worried about their credentials. And these credentials were passed over an unencrypted SMTP / POP / IMAP connection.

Because of this, a number of protocols were developed that are specifically designed to encrypt the credentials. Digest MD5, GSSAPI, and OAUTH were all secure SMTP AUTH methods that could be used over an unencrypted connection. For the more common PLAIN and LOGIN types, which do not encrypt the credentials, the password remained vulnerable if there was no connection-level encryption.

But then the world began to encrypt the connection. SMTP, POP, and IMAP clients and servers added support for SSL / TLS or STARTTLS to protect the entire connection. Once that was common, there was little reason to use the more complex proprietary SMTP AUTH methods, because TLS would provide the required protection. That's why your ISP only offers "Normal Password" (that's PLAIN and / or LOGIN): it knows the TLS layer protects you.

(In fact, some stronger methods weaken security by having the server store plain text or a reversibly encrypted copy of each user's password, not just a one-way hash of it.)
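
The storage trade-off from the parenthetical above, as an added example that is not part of the original answer: with PLAIN the server can keep only a one-way hash, while a challenge-response mechanism needs the password itself on the server. CRAM-MD5 (RFC 2195) is used here as a simple stand-in for challenge-response mechanisms and is not named in the answer; the account, password and challenge are constructed sample values.

```python
import base64
import hashlib
import hmac
import os


def plain_initial_response(user, password):
    """SASL PLAIN (RFC 4616): base64 of authzid NUL authcid NUL passwd."""
    raw = b"\0" + user.encode() + b"\0" + password.encode()
    return base64.b64encode(raw).decode()


def decode_plain(blob):
    """base64 is an encoding, not encryption: without TLS this is readable."""
    _authzid, user, password = base64.b64decode(blob).split(b"\0")
    return user.decode(), password.decode()


def store_one_way(password, salt=None):
    """Server-side record for PLAIN: salt plus a slow one-way hash."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def verify_plain(blob, user, record):
    """The server sees the password once (inside TLS) and re-hashes it."""
    got_user, got_password = decode_plain(blob)
    salt, digest = record
    _, candidate = store_one_way(got_password, salt)
    return got_user == user and hmac.compare_digest(candidate, digest)


def cram_md5_response(user, password, challenge):
    """Client side of CRAM-MD5: HMAC-MD5 over the challenge, keyed by the password."""
    mac = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {mac}"


def verify_cram_md5(response, challenge, user, stored_password):
    """The server must recompute the HMAC, so it needs the password itself
    (or an equivalent secret), not just a one-way hash of it."""
    expected = cram_md5_response(user, stored_password, challenge)
    return hmac.compare_digest(response, expected)


# Constructed sample values
USER, PASSWORD = "alice", "s3cret-sample"
CHALLENGE = b"<1234.5678@mail.example>"
```
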

## Passwords – What can attackers do to increase the number of attempts in a brute-force attack as the number of attempts increases?

I know this post (about Moore's Law and brute-force attacks). Assume $y$ is the number of brute-force attempts; we have $\frac{dy}{dt} = k \cdot 2^{\frac{t}{2}}$.

What I want to ask is this: Suppose an attacker has launched a brute-force attack. Can he / she increase the rate of attempts through further attempts? Is there a factor that contributes a $y$-term on the RHS?

The only thing I can think of is a reverse brute-force attack. The attacker continuously attempts to log on to different systems (e.g. web servers). A small proportion of them are expected to use weak passwords. As the number of brute-force attempts increases, the attacker gains more processing power by creating a botnet (the actual gain is related to the distribution of the security level of the web servers) and helps him / her

Any other ideas? Thank you in advance.