Decrypt axcrypt file8/17/2023 ![]() ![]() So, to put it mildly: Every web page that forces you to use at least lower/upper case AND a number AND a symbol,īUT only forces you to use eight characters of password size is not steering you to the right measures to gain entropy.īut, to be fair: A web page can take measures to seriously throttle the passwords try-able per second on the server side Space bar or numeric keypad) and this way cross out character that you couldn't possibly have used. It's easier to get high entropy by increasing password size, than with adding more different characters or symbols.Īn attacker could also have watched (or heard) you type the password (paying attention to the use of the shift key, So the more entropy (possibilities to try) the better. It's 26^4 = 456 976 with a four character password, that's 26 times more entropy compared to only using three lower case characters.Ī brute force attacker will find a password after trying half the possibilities on average. So what happens if we add one character and still only use lower case letters, like "abcd"? So compared to "abc" we got eight times more entropy in this case. The number of possibilities per character doubles to 52, so the three character password leads to 52 * 52 * 52 = 140 608 possibilities. ![]() Now take a three character password which also includes upper case letters like "aBc". The number of lower case letters is 26, so a three character password leads to 26 * 26 * 26 = 17 576 possibilities to try. The strength of a password can be measured in entropy or "possibilities to try" (for a brute force attacker).įor example take a tree character password with just lower case letters like "abc". UsageĪdd an meta tag password: secret_password in your markdown files to protect them. MkDocs enables it by default if there is no plugins entry set, but now you have to enable it explicitly. NOTE: If you have no plugins entry in your configuration file yet, you'll likely also want to add the search plugin. Search index encryption for mkdocs-material.Check Ed25519 signatures with external canary script.Allow signing of generated pages and files.Allow special characters to be used in passwords (passwords are URLencoded).The password is now hashed by PBKDF2 instead of MD5 #47.Deprecation of use_secret as environment variables can be read by !ENV in password inventory.Introduce password inventory in mkdocs.yml or external yaml file, usable by level meta tag or _global #44.If a password is defined as an empty character string, the content is not protected. If a password is defined in an article or a page, it is always used even if there is a global password. If a global password exists, all articles and pages are protected with this password. I want to be able to protect the content of the page with a password.ĭefine a password to protect each page independently or a global password to protect them all. The content is encrypted with AES-256 in Python using P圜ryptodome, and decrypted in the browser with Crypto-JS. This plugin allows you to have password protected articles and pages in MKdocs. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |