[OWASP-Security101] hard coded password

Jim Manico jim.manico at owasp.org
Sat Jun 9 18:50:59 UTC 2012


Try this: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet

--
Jim Manico
VP, Security Architecture
WhiteHat Security
(808) 652-3805

On Jun 9, 2012, at 2:25 AM, MNMS srinivas <mnms.srinivas at gmail.com> wrote:

> Hi,
>
> We are using a hardcoded password in our control system. This
> password is defined in a macro definition, and any hacker can extract the
> hardcoded password from the executable image. Assume this hardcoded password
> has a length of 5 bytes (letters).
>
> Now I want to hash the password using any standard algorithm. Could
> you please suggest a suitable hashing algorithm for this case? And how can
> we compare different hashing algorithms?
>
> Thanks
> Srinivas
>
>
>
> On Fri, May 11, 2012 at 5:30 PM, <security101-request at lists.owasp.org> wrote:
>
>> Message: 1
>> Date: Thu, 10 May 2012 18:00:30 +0530
>> From: MNMS srinivas <mnms.srinivas at gmail.com>
>> To: security101 at lists.owasp.org
>> Subject: [OWASP-Security101] hard coded password
>> Message-ID:
>>       <CAO526Mhw5mJPvoyNRH=QXUEJiRF-TWWdo=qF80xJx6bwp=howA at mail.gmail.com>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> Hi all,
>>
>> What is the best way to replace/remove the hard coded password from the
>> binary image?
>>
>> --
>> M.N.M.S.SRINIVAS.
>>
>>
>> BE GOOD DO GOOD
>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Thu, 10 May 2012 17:18:28 -0500
>> From: Eric Brown <ericbrow at gmail.com>
>> To: security101 at lists.owasp.org
>> Subject: Re: [OWASP-Security101] hard coded password
>> Message-ID:
>>       <CAPPm6m2Zm=1VHhUbBpx5fWTEsgkq0M0eEzRDBsoxXNajO4joNw at mail.gmail.com>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> Can you be a little more specific as to what kind of binary image?
>> Platform?  Device?  Software?  Image?  Document?
>>
>> On Thu, May 10, 2012 at 7:30 AM, MNMS srinivas <mnms.srinivas at gmail.com>
>> wrote:
>>> Hi all,
>>>
>>> What is the best way to replace/remove the hard coded password from the
>>> binary image?
>>>
>>> --
>>> M.N.M.S.SRINIVAS.
>>>
>>>
>>> BE GOOD DO GOOD
>>> _______________________________________________
>>> Security101 mailing list
>>> Security101 at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/security101
>>> List Run By OWASP
>>> List Admin: Michael.Coates at owasp.org
>>
>>
>> ------------------------------
>>
>> End of Security101 Digest, Vol 4, Issue 2
>> *****************************************
>>
>
>
>
> --
> M.N.M.S.SRINIVAS.
>
>
> BE GOOD DO GOOD
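
An added example, not part of the thread and not code from any poster: storing a salted, iterated verifier in place of the plaintext password, and comparing hashing algorithms by what they cost per guess over a 5-letter keyspace. PBKDF2-HMAC-SHA256, the iteration count, the 26-letter alphabet, the sample password and the use of Python are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor; tune it on the target hardware


def make_verifier(password, salt=None):
    """Run once at provisioning; ship the result, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def check_password(candidate, verifier):
    """Recompute the hash for the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 verifier["salt"], verifier["iterations"])
    return hmac.compare_digest(digest, verifier["digest"])


def keyspace(alphabet_size, length):
    """Number of possible passwords of exactly `length` symbols."""
    return alphabet_size ** length


def seconds_per_guess(hash_fn, rounds=3):
    """Average wall-clock cost of one hash computation on this machine."""
    start = time.perf_counter()
    for _ in range(rounds):
        hash_fn(b"abcde")
    return (time.perf_counter() - start) / rounds


def compare_algorithms(alphabet_size=26, length=5):
    """Estimated single-core time to hash every candidate, per algorithm."""
    salt = b"\x00" * 16  # fixed salt used only for the timing run
    algos = {
        "sha256": lambda pw: hashlib.sha256(salt + pw).digest(),
        "pbkdf2": lambda pw: hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS),
    }
    total = keyspace(alphabet_size, length)
    return {name: total * seconds_per_guess(fn) for name, fn in algos.items()}


if __name__ == "__main__":
    v = make_verifier("qwxzk")  # constructed sample password
    print(check_password("qwxzk", v), check_password("aaaaa", v))
    for name, secs in compare_algorithms().items():
        print(f"{name}: about {secs:,.0f} s to cover 26^5 candidates")
```

The estimates show why algorithm choice alone does not rescue a 5-letter secret: 26^5 is only 11,881,376 candidates, so a slow hash raises the cost per guess but the keyspace stays small. A verifier embedded in the image can still be guessed against offline, which makes password length the other half of the comparison.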

