This morning I signed up with a major credit card company website.  Much to my surprise I was greeted with this requirement while choosing a password: Your Password should contain 6 to 8 characters . at least one letter and one number (not case sensitive), contain no spaces or special characters...

If you understand hashing and salting then skip the next paragraph. Stored passwords for logins should be hashed and salted.  Hashing is a one way mechanism to produce a practically unique value based on the given input.  This is useful since we can store the hash (and validate the password...

Shipping software is one of the most exciting times for a development team but this new release is easily the most anticipated version of Secret Server to date by our customers. Secret Server 3.1 will feature the two most requested features from customers who visited our booth at TechEd in June 2007...

As rumored yesterday , Google made a major announcement : a subscription package of premium, hosted business applications. (Man, Arrington's sources are scary good). The service combines GMail, Google Calendar, Google Talk and Google Docs & Spreadsheets for $50 per user annually. I still insist that...

OpenID, which describes itself as "an open, decentralized, free framework for user-centric digital identity", has been gaining momentum and getting press in the Identity 2.0 space. The fundamental idea of OpenID is that a URI is necessarily unique and thus a good way to identify users. If you say you...

A University of Washington course in Cryptography is available online , including videos of all the lectures ( via Bruce Schneier ). I've listened to the first lecture and it seems like a great introduction if you're interested in the subject. Interestingly, he cautions about Schneier's "popular-but...

Mike Gunderloy, one of our early adopters, has added our Secret Server 1.1 release to the Daily Grind today! This is a huge compliment from a guru in tools, development and the developer community. Thanks Mike! If you don't know about the Daily Grind , read all about it here . Jonathan Cogley is the...

It is a wonderful feeling to ship software - it has been a long hard slog to get this round of features complete. Especially while juggling our developers across various projects and client work. This is also a welcome release as we get to use all the new features in our own company Secret Server instance...

I haven't blogged in a few weeks but I have a few good reasons. Client projects with tight deadlines, the final push for our second big release of Thycotic Secret Server and also holding back on the irresistable urge to talk about features that aren't released yet (not much of a marketing person, huh...

I just came across this post (older) by Robert Hurlbut titled "DREAD is dead" and it reminded me of our experiences with these same ratings today. We are in the middle of a Security Review for a client and have been working through our threat model to assess the risk associated with each item. DREAD...