For added security I protect the /administrator with .htaccess username and password.
For MySQL I use one of those long password generators for th db user. 16 characters or more sounds like a good idea too. David Roth On Jul 6, 2012 2:58 PM, "Scott Wolpow" <sc...@wolpow.com> wrote: > We know the MD5 was vulnerable. > > All the more reason to move away from it. > Or better yet, be able to choose our own hash. > > SW > > On 7/6/2012 2:38 PM, Gary Mort wrote: > > Think your Joomla! password is secure? Here is a simple test[assuming it > is under 15 charectors long] > > Go to http://hashcat.net/hashcat-gui/ and download hashcat-gui for your > operating system. > > To check just YOUR password, run the gui , use either plus or lite, and > enter your password hash[from the database] in the field. Select the > Joomla hash type - and then go ahead and run the cracker. See how long it > takes to figure out your password. > > If your using a dictionary method, you'll need one or more wordlists, > you can get some dictionaries from > http://www.skullsecurity.org/wiki/index.php/Passwords > > If you have a website with lots of users that you want to check, instead > you can run > select `password` from #__users [replace #__ with your prefix. :-)] - and > export the list to a text file to give to oclhashplus > > Most password crackers around are limited to passwords of less than 16 > chars[because beyond that, the algorithms change for efficient lookups] - > so while making your own passwords greater than 16 chars doesn't mean > instant security, it does mean that it is beyond the scope of script > kiddies who just download crackers from the internet and don't know how to > write their own. > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing > Listhttp://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Onlinehttp://www.nyphpcon.com > > Show Your Participation in New York > PHPhttp://www.nyphp.org/show_participation.php > > > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php >
_______________________________________________ New York PHP SIG: Joomla! Mailing List http://lists.nyphp.org/mailman/listinfo/joomla NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
