Authentication - Password



Password credentials (i.e., username and password) are something you know and are therefore a group identifier.

Comic strip: "Le mot de passe du noob" (the noob's password). Caption: This time it took me only 37 attempts before I came up with a password that met all the rules.

How to send an 'E mail' - 1984

Password vs Cryptographic Key

                                   Password               Cryptographic Key
  Multi-factor authentication      something you know     something you have
  Input                            manual                 automated (not meant to be input manually)
  Data type                        text                   binary data
  Complexity                       low                    high
  Memorization                     easy                   hard

Passwords were created to be memorized by human beings (low entropy), whereas keys were created to be used in automated processes by computers: they are too complex and random to be memorized.

Passwords are text, whereas cryptographic keys are binary data (even if serialized and deserialized as text, for instance via base64) and are generally not meant to be input manually.

In a multi-factor authentication context,

  • passwords are something you know
  • cryptographic keys are something you have.


Password Guidance: Simplifying Your Approach - Gov UK (NCSC), PDF: ncsc_password_security.pdf

Password Storage

Any computer system that requires password authentication must contain a database of passwords, either hashed or in plaintext.

Because this database is vulnerable to theft, storing the plaintext password is dangerous.

Most systems, therefore, store a cryptographic hash of the user's password in the database.

In such a system, no one (including the authentication system) can determine what a user's password is by merely looking at the value stored in the database.

Instead, when a user enters his or her password for authentication, it is hashed, and that output is compared to the stored entry for that user (which was hashed before being saved). If the two hashes match, access is granted.

Two-way function

The password is stored in encrypted form and is decrypted back to plaintext when an authentication method needs it, for instance Digest authentication.

The passwords are stored in encrypted form and they can only be decrypted by the application to provide access in authorized circumstances.

These protections, however, cannot prevent a malicious user with the application's access level from illicitly extracting the passwords in the same manner that the application does for legitimate use.

One-way hash function

See Function - One way

This hashing function is designed to always produce the same result from the same password input, and to minimize collisions where two different passwords can produce the same result. This hash is always the same length and cannot be directly decrypted to reveal the plaintext password.

To protect against brute-force attacks, users who authenticate with passwords should set strong passwords or passphrases that include characters from multiple sets and are as long as the user can easily remember. See Password Technical Overview


To key

See Key - Derivation function (password to key)
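As an added example (not code from this page), the following Python shows the two uses described above: storing a salted one-way hash of a password and verifying a login against it (the "Password Storage" and "One-way hash function" sections), and deriving a fixed-length binary key from a password (the "To key" section). It uses only the standard library; the record layout, iteration count and sample passwords are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor chosen for the example; a deployment should use the largest
# iteration count its login latency budget allows.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, *, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record "pbkdf2_sha256$<iter>$<salt>$<hash>".

    Only this record is stored; the password itself is never written anywhere.
    A fresh random salt per user means two users with the same password get
    different records, and a precomputed table cannot be reused across users.
    """
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-hash the candidate with the stored parameters and compare."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        raise ValueError("unsupported password record format")
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison: a plain == would stop at the first differing
    # byte and leak, through timing, how much of the hash already matches.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def derive_key(password: str, salt: bytes, length: int = 32,
               iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Turn a low-entropy text password into a fixed-length binary key.

    The salt is not secret but must be stored next to the data the key
    protects, otherwise the same key cannot be re-derived later.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=length)


def demo() -> dict:
    """Exercise both uses and return the observations as a dict."""
    password = "correct horse battery staple"   # constructed sample
    record = hash_password(password)
    results = {
        "verify_ok": verify_password(password, record),
        "verify_wrong": verify_password("Correct horse battery staple", record),
        # Same password, fresh salt: a different record, so equal passwords
        # cannot be spotted by comparing stored values.
        "salted_differ": hash_password(password) != record,
    }
    salt = os.urandom(SALT_BYTES)
    key = derive_key(password, salt)
    results["key_len"] = len(key)                       # fixed length, unlike the text
    results["key_reproducible"] = derive_key(password, salt) == key
    results["key_salt_dependent"] = derive_key(password, os.urandom(SALT_BYTES)) != key
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The stored record carries its own algorithm name, iteration count and salt, so the iteration count can be raised for new users without breaking verification of older records. Note that `derive_key` and `hash_password` are called with different salts for different purposes; the salt used for the stored hash should never double as the salt for an encryption key derived from the same password.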

Guided Navigation


  • Java from console. If an application needs to read a password or other secure data, it should use readPassword() or readPassword(String, Object…) and manually zero the returned character array after processing to minimize the lifetime of sensitive data in memory.
 Console cons;
 char[] passwd;
 if ((cons = System.console()) != null &&
     (passwd = cons.readPassword("[%s]", "Password:")) != null) {
     // authenticate with passwd here
     java.util.Arrays.fill(passwd, ' ');  // overwrite the secret as soon as it is no longer needed
 }


MIT's Time-Sharing Computer is considered to be the first computer system to use passwords.

Password Expiration

Time for Password Expiration to Die by Lance Spitzner

Documentation / Reference

  • RFC 8018 - PKCS #5: Password-Based Cryptography Specification
