Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

Blog Archives

NIST Special Publication 800-63B

New NIST guidelines for password security and authentication methods. Gets rid of many old password anti-patterns in favor of encouraging user-friendlier, simpler, but longer passwords. Recommends passwords have a minimum length of 8 characters (6 for numeric PINs), and allow pass-phrases up to *at least* 64 characters long. I’d probably want to go with 128 chars or more (after all, it will end up being cryptographically hashed before storage, anyways, so the length of the user’s original password is mostly irrelevant), but this is definitely a welcome improvement over all the bad “8-12 characters, with a mix of lowercase, uppercase, numbers, and special characters, except not *these* characters, and by the way you’ll have to change it in 90 days” patterns.

They also include recommendations for OTP (One-Time Password) and multi-factor authentication systems. Dry reading, but I hope that many organizations will start to follow these recs and get rid of current bad password practices.
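The length rules described in this post, together with its point that stored size does not depend on password length, as an added Python example (not code from the original post or from NIST). The 128-character cap follows the post's stated preference; the choice of PBKDF2-HMAC-SHA256, the iteration count and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

MIN_PASSWORD_LEN = 8     # from the post: minimum for passwords
MIN_PIN_LEN = 6          # from the post: minimum for numeric PINs
MAX_PASSWORD_LEN = 128   # assumption: the post's preferred cap (the floor is 64)
PBKDF2_ITERATIONS = 600_000  # assumption: example work factor, tune per deployment


def check_policy(secret: str, numeric_pin: bool = False) -> Tuple[bool, str]:
    """Length-only check: no composition rules, every character allowed."""
    if numeric_pin and not (secret.isascii() and secret.isdigit()):
        return False, "PIN must be digits only"
    length = len(secret)  # code points, so spaces and non-ASCII count normally
    if length < (MIN_PIN_LEN if numeric_pin else MIN_PASSWORD_LEN):
        return False, "too short"
    if length > MAX_PASSWORD_LEN:
        return False, "too long"
    return True, "ok"


def hash_secret(secret: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); the digest is 32 bytes whatever the input length."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", secret.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_secret(secret: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_secret(secret, salt)[1], expected)


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["Tr0ub4d&", "correct horse battery staple", "short", "x" * 129]:
        print(repr(candidate[:30]), check_policy(candidate))
    salt, stored = hash_secret("correct horse battery staple")
    print(len(stored), verify_secret("correct horse battery staple", salt, stored))
```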


wkhtmltopdf

wkhtmltopdf and wkhtmltoimage are open source (LGPLv3) command line tools to render HTML into PDF and various image formats using the Qt WebKit rendering engine. These run entirely “headless” and do not require a display or display service.
