While testing the new release of Hydra against my own FileZilla FTP server, I noticed that FileZilla's autoban feature does not work for IPv6 connections. If there are multiple failed login attempts from an IPv4 address, FileZilla Server correctly blocks that IP. That is, Hydra stops testing passwords since it is no longer able to connect to the server. However, when using IPv6, FileZilla Server generates the same error message (“421 Temporarily banned for too many failed login attempts”), but new connections from the same IPv6 address are still possible.
Here are my test results:
Continue reading FileZilla Server Bug: Autoban does not work with IPv6
How are passwords stolen? What are common password flaws? Which security techniques enhance the security of passwords and of login services? What authentication methods provide long-term security? How often should a password be changed? Which methods achieve good security while not being too complicated for end users?
This blog post discusses several ways in which passwords are stolen and provides approaches for securing login services.
Continue reading Password Policies – Appropriate Security Techniques
This is a mathematical post related to the xkcd 936 comic about password strength. The central question is: What is better for passwords, a password containing a few random characters or a passphrase containing (fewer) random words? Here comes a mathematical discussion.
Continue reading Password Strength/Entropy: Characters vs. Words
This is a short post in which I show the options I use when generating random passwords with the Password Generator that ships with the password safe KeePass. The character set should be as big as possible while not containing characters that could confuse the end user. Of course, all upper- and lower-case alphabetic characters as well as the digits are included. For all other symbols, I chose those that are in the ASCII table and can be typed with the US and German keyboard layouts.
Continue reading Password Generator Options for KeePass