Password Store: Password encryption aborted.

While testing the Password Store on macOS, I had problems when I was trying to encrypt passwords.

Initialization was correct:


However, when trying to generate / add a password:


The solution to the problem is to install GPG Suite: https://gpgtools.org

Good browser extension: https://github.com/browserpass/browserpass/

Disallow the access to all files and folders with dot at the beginning

It is good practice to disallow access to all files and folders whose names begin with a dot, except for the .well-known folder (it is used for certificate verification and for the security.txt file).

 

Apache .htaccess:

 

Nginx:
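
The rule described above, modelled as a regular expression and checked against request paths. This is an added example, not the post's own Apache or Nginx snippet; the pattern names, function names and sample paths are constructed for illustration. It also shows an edge case: a loose exemption for `.well-known` lets look-alike names such as `.well-known-backup` through.

```python
import re

# Loose form: any "/." not followed by the text "well-known".
LOOSE = re.compile(r"/\.(?!well-known)")
# Tight form: a path segment starting with "." is refused unless the segment
# is exactly ".well-known" (followed by "/" or the end of the path).
# Assumption: the exemption covers only that exact folder name.
TIGHT = re.compile(r"/\.(?!well-known(?:/|$))")


def is_blocked(path, rule=TIGHT):
    """Return True when the server should refuse `path` under `rule`."""
    return rule.search(path) is not None


# Constructed request paths (not taken from any real site).
SAMPLE_PATHS = [
    "/index.html",
    "/css/site.min.css",
    "/.env",
    "/.git/config",
    "/app/.htpasswd",
    "/.well-known/security.txt",
    "/.well-known/acme-challenge/token123",
    "/.well-known-backup/secrets.txt",
    "/.well-known/.git/config",
]


def audit(paths, rule=TIGHT):
    """Map each path to True (deny) or False (allow) under `rule`."""
    return {p: is_blocked(p, rule) for p in paths}


def rule_differences(paths):
    """Paths on which the loose and tight forms disagree."""
    return [p for p in paths if is_blocked(p, LOOSE) != is_blocked(p, TIGHT)]


if __name__ == "__main__":
    for p, blocked in audit(SAMPLE_PATHS).items():
        print(f"{'DENY ' if blocked else 'ALLOW'} {p}")
    print("loose and tight disagree on:", rule_differences(SAMPLE_PATHS))
```

The same path list can be replayed against a staging server after the Apache or Nginx rule is deployed, to confirm the live responses match the expected allow and deny decisions.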

 

 

 

How To Safely Store A Password

How To Safely Store A Password? Use bcrypt!

Why Not {MD5, SHA1, SHA256, SHA512, SHA-3, etc}?

These are all general purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. This means that they are fantastic for ensuring the integrity of data and utterly rubbish for storing passwords.

A modern server can calculate the MD5 hash of about 330MB every second. If your users have passwords which are lowercase, alphanumeric, and 6 characters long, you can try every single possible password of that size in around 40 seconds.

And that’s without investing anything.