Skip to content

Instantly share code, notes, and snippets.

View jdotpz's full-sized avatar

JP Schneider jdotpz

View GitHub Profile

The introduction part

For starters, what makes the password so broken is the fact that the shared secret (the password) is stored right where it’s subject to attack (the website).

That's not what makes the password so broken so long as the web service provider is doing everything right – storing the password hash instead of the raw password, using bcrypt with a significant work factor to generate that hash, and using a per-password salt.

I also (weakly) disagree that the website is the most likely attack vector, assuming he means an attack that grants access to the database or application server. The language is ambiguous, so I'll give him some benefit of the doubt and assume he's talking about XSS exploitations, which can compromise a website without requiring direct server access.

@bcarpio
bcarpio / lvsnapshot.sh
Created August 8, 2012 21:14
lvsnapshot.sh
#!/bin/bash
DATE=`date +"%a"`
DVOLNAME=datalv
LVOLNAME=journallv
VOLGR=datavg
DVOLPATH=/dev/$VOLGR/$DVOLNAME
LVOLPATH=/dev/$VOLGR/$LVOLNAME
DSNAME=`echo ${DVOLNAME}_ss_${DATE} | tr '[A-Z]' '[a-z]'`
LSNAME=`echo ${LVOLNAME}_ss_${DATE} | tr '[A-Z]' '[a-z]'`