Passlib Documentation Release 1.7.4

Total Page:16

File Type:pdf, Size:1020Kb

Passlib Documentation Release 1.7.4 Passlib Documentation Release 1.7.4 Assurance Technologies, LLC Oct 08, 2020 Contents 1 Passlib 1.7.4 documentation 3 1.1 Welcome.................................................3 1.2 Getting Started..............................................4 1.3 Online Resources.............................................4 1.4 Hosting..................................................4 2 Walkthrough & Tutorials 5 2.1 Installation................................................5 2.1.1 Supported Platforms......................................5 2.1.2 Optional Libraries........................................5 2.1.3 Installation Instructions.....................................6 2.1.4 Testing.............................................6 2.1.5 Building the Documentation..................................7 2.2 Library Overview............................................7 2.2.1 Password Hashes........................................7 2.2.2 Password Contexts.......................................8 2.2.3 Two-Factor Authentication...................................8 2.2.4 Application Helpers.......................................8 2.3 New Application Quickstart Guide...................................9 2.3.1 Choosing a Hash........................................9 2.3.1.1 The Options......................................9 2.3.1.2 Detailed Comparison of Choices........................... 10 2.3.1.3 Making a Decision................................... 11 2.3.2 Creating and Using a CryptContext.............................. 11 2.4 PasswordHash Tutorial........................................ 13 2.4.1 Overview............................................ 13 2.4.2 Hashing & Verifying...................................... 13 2.4.2.1 Hashing........................................ 13 2.4.2.2 Verifying........................................ 14 2.4.2.3 Unicode & non-ASCII Characters........................... 14 2.4.3 Customizing the Configuration................................. 14 2.4.3.1 The using() Method.................................. 14 2.4.3.2 Usage Example.................................... 15 2.4.3.3 Other Keywords.................................... 15 2.4.4 Context Keywords....................................... 15 2.4.5 Identifying Hashes....................................... 16 i 2.4.6 Choosing the right rounds value................................ 17 2.5 CryptContext Tutorial........................................ 18 2.5.1 Overview............................................ 18 2.5.2 Walkthrough Outline...................................... 18 2.5.3 Basic Usage........................................... 18 2.5.4 Using Default Settings..................................... 19 2.5.5 Loading & Saving a CryptContext............................... 20 2.5.6 Deprecation & Hash Migration................................. 21 2.5.6.1 Deprecating Algorithms................................ 21 2.5.6.2 Integrating Hash Migration.............................. 22 2.5.6.3 Settings Rounds Limitations.............................. 22 2.5.7 Undocumented Features.................................... 23 2.5.8 Full Integration Example.................................... 23 2.5.8.1 Policy Configuration File............................... 24 2.5.8.2 Initializing the CryptContext............................. 24 2.5.8.3 Encrypting New Passwords.............................. 25 2.5.8.4 Verifying & Migrating Existing Passwords...................... 26 2.6 TOTP Tutorial.............................................. 27 2.6.1 Overview............................................ 27 2.6.2 Walkthrough.......................................... 27 2.6.2.1 1. Generate an Application Secret........................... 27 2.6.2.2 2. TOTP Factory Initialization............................ 27 2.6.2.3 3. Rate-Limiting & Cache Initialization........................ 28 2.6.2.4 4. Setting up TOTP for a User............................. 28 2.6.2.5 5. Storing the TOTP object.............................. 28 2.6.2.6 6. Verifying a Token.................................. 29 2.6.2.7 7. Reserializing Existing Objects........................... 31 2.6.3 Creating TOTP Instances.................................... 31 2.6.3.1 Direct Creation.................................... 31 2.6.3.2 Using a Factory.................................... 32 2.6.4 Configuring Clients....................................... 33 2.6.4.1 Rendering URIs.................................... 33 2.6.4.2 Rendering QR Codes................................. 33 2.6.4.3 Parsing URIs...................................... 34 2.6.5 Storing TOTP instances..................................... 34 2.6.5.1 JSON Serialization.................................. 34 2.6.5.2 Application Secrets.................................. 35 2.6.5.3 Encrypting Keys.................................... 35 2.6.6 Generating Tokens (Client-Side Only)............................. 36 2.6.7 Verifying Tokens........................................ 36 2.6.7.1 Match & Verify.................................... 37 2.6.7.2 Preventing Token Reuse................................ 37 2.6.7.3 Why Rate-Limiting is Critical............................. 38 3 API Reference 41 3.1 passlib.apache - Apache Password Files............................. 42 3.1.1 Htpasswd Files......................................... 42 3.1.1.1 Loading & Saving................................... 44 3.1.1.2 Inspection....................................... 45 3.1.1.3 Modification...................................... 45 3.1.1.4 Alternate Constructors................................. 45 3.1.1.5 Attributes....................................... 46 3.1.1.6 Errors......................................... 46 3.1.2 Htdigest Files.......................................... 46 ii 3.1.2.1 Loading & Saving................................... 47 3.1.2.2 Inspection....................................... 47 3.1.2.3 Modification...................................... 48 3.1.2.4 Alternate Constructors................................. 48 3.1.2.5 Attributes....................................... 49 3.1.2.6 Errors......................................... 49 3.2 passlib.apps - Helpers for various applications.......................... 49 3.2.1 Usage Example......................................... 49 3.2.2 Django............................................. 50 3.2.3 LDAP.............................................. 50 3.2.4 MySQL............................................. 51 3.2.5 PHPass............................................. 51 3.2.6 PostgreSQL........................................... 51 3.2.7 Roundup............................................ 52 3.2.8 Custom Applications...................................... 52 3.3 passlib.context - CryptContext Hash Manager.......................... 52 3.3.1 The CryptContext Class.................................... 53 3.3.1.1 Constructor Keywords................................. 53 3.3.1.2 Primary Methods................................... 57 3.3.1.3 Hash Migration.................................... 60 3.3.1.4 Disabled Hash Managment.............................. 61 3.3.1.5 Alternate Constructors................................. 62 3.3.1.6 Changing the Configuration.............................. 63 3.3.1.7 Examining the Configuration............................. 65 3.3.1.8 Saving the Configuration............................... 66 3.3.1.9 Configuration Errors.................................. 67 3.3.2 Other Helpers.......................................... 67 3.3.3 The CryptPolicy Class (deprecated).............................. 68 3.3.3.1 Constructors...................................... 68 3.3.3.2 Introspection...................................... 69 3.3.3.3 Exporting....................................... 70 3.4 passlib.crypto - Cryptographic Helper Functions........................ 70 3.4.1 passlib.crypto.digest - Hash & Related Helpers.................. 71 3.4.1.1 Hash Functions.................................... 71 3.4.1.2 PKCS#5 Key Derivation Functions.......................... 72 3.4.2 passlib.crypto.des - DES routines........................... 73 3.5 passlib.exc - Exceptions and warnings............................... 74 3.5.1 Exceptions........................................... 74 3.5.1.1 TOTP Exceptions................................... 76 3.5.2 Warnings............................................ 76 3.5.2.1 Minor Warnings.................................... 76 3.5.2.2 Critical Warnings................................... 77 3.6 passlib.ext.django - Django Password Hashing Plugin..................... 77 3.6.1 Installation........................................... 78 3.6.2 Configuration.......................................... 78 3.6.3 Module Contents........................................ 79 3.7 passlib.hash - Password Hashing Schemes............................ 80 3.7.1 Overview............................................ 80 3.7.2 Unix Hashes........................................... 80 3.7.2.1 Active Unix Hashes.................................. 80 3.7.2.2 Deprecated Unix Hashes............................... 89 3.7.2.3 Archaic Unix Hashes................................. 98 3.7.3 Other “Modular Crypt” Hashes................................. 107 3.7.3.1 Active Hashes..................................... 107 iii 3.7.3.2 Deprecated Hashes.................................. 121 3.7.4 LDAP / RFC2307 Hashes.................................... 125 3.7.4.1 Standard LDAP Schemes............................... 125 3.7.4.2 Non-Standard LDAP Schemes...........................
Recommended publications
  • GPU-Based Password Cracking on the Security of Password Hashing Schemes Regarding Advances in Graphics Processing Units
    Radboud University Nijmegen Faculty of Science Kerckhoffs Institute Master of Science Thesis GPU-based Password Cracking On the Security of Password Hashing Schemes regarding Advances in Graphics Processing Units by Martijn Sprengers [email protected] Supervisors: Dr. L. Batina (Radboud University Nijmegen) Ir. S. Hegt (KPMG IT Advisory) Ir. P. Ceelen (KPMG IT Advisory) Thesis number: 646 Final Version Abstract Since users rely on passwords to authenticate themselves to computer systems, ad- versaries attempt to recover those passwords. To prevent such a recovery, various password hashing schemes can be used to store passwords securely. However, recent advances in the graphics processing unit (GPU) hardware challenge the way we have to look at secure password storage. GPU's have proven to be suitable for crypto- graphic operations and provide a significant speedup in performance compared to traditional central processing units (CPU's). This research focuses on the security requirements and properties of prevalent pass- word hashing schemes. Moreover, we present a proof of concept that launches an exhaustive search attack on the MD5-crypt password hashing scheme using modern GPU's. We show that it is possible to achieve a performance of 880 000 hashes per second, using different optimization techniques. Therefore our implementation, executed on a typical GPU, is more than 30 times faster than equally priced CPU hardware. With this performance increase, `complex' passwords with a length of 8 characters are now becoming feasible to crack. In addition, we show that between 50% and 80% of the passwords in a leaked database could be recovered within 2 months of computation time on one Nvidia GeForce 295 GTX.
    [Show full text]
  • Tuto Documentation Release 0.1.0
    Tuto Documentation Release 0.1.0 DevOps people 2020-05-09 09H16 CONTENTS 1 Documentation news 3 1.1 Documentation news 2020........................................3 1.1.1 New features of sphinx.ext.autodoc (typing) in sphinx 2.4.0 (2020-02-09)..........3 1.1.2 Hypermodern Python Chapter 5: Documentation (2020-01-29) by https://twitter.com/cjolowicz/..................................3 1.2 Documentation news 2018........................................4 1.2.1 Pratical sphinx (2018-05-12, pycon2018)...........................4 1.2.2 Markdown Descriptions on PyPI (2018-03-16)........................4 1.2.3 Bringing interactive examples to MDN.............................5 1.3 Documentation news 2017........................................5 1.3.1 Autodoc-style extraction into Sphinx for your JS project...................5 1.4 Documentation news 2016........................................5 1.4.1 La documentation linux utilise sphinx.............................5 2 Documentation Advices 7 2.1 You are what you document (Monday, May 5, 2014)..........................8 2.2 Rédaction technique...........................................8 2.2.1 Libérez vos informations de leurs silos.............................8 2.2.2 Intégrer la documentation aux processus de développement..................8 2.3 13 Things People Hate about Your Open Source Docs.........................9 2.4 Beautiful docs.............................................. 10 2.5 Designing Great API Docs (11 Jan 2012)................................ 10 2.6 Docness.................................................
    [Show full text]
  • PHC: Status Quo
    PHC: status quo JP Aumasson @veorq / http://aumasson.jp academic background principal cryptographer at Kudelski Security, .ch applied crypto research and outreach BLAKE, BLAKE2, SipHash, NORX Crypto Coding Standard Password Hashing Competition Open Crypto Audit Project board member do you use passwords? this talk might interest you! Oct 2013 "hash" = 3DES-ECB( static key, password ) users' hint made the guess game easy... (credit Jeremi Gosney / Stricture Group) May 2014; "encrypted passwords" (?) last week that's only the reported/published cases Lesson if Adobe, eBay, and Avast fail to protect their users' passwords, what about others? users using "weak passwords"? ITsec people using "weak defenses"? developers using "weak hashes"? cryptographers, who never bothered? agenda 1. how (not) to protect passwords 2. the Password Hashing Competition (PHC) 3. the 24-2 PHC candidates 4. next steps, and how to contribute WARNING this is NOT about bikeshed topics as: password policies password managers password-strength meters will-technology-X-replace-passwords? 1. how (not) to protect passwords solution of the 60's store "password" or the modern alternative: obviously a bad idea (assuming the server and its DB are compromised) solution of the early 70's store hash("password") "one-way": can't be efficiently inverted vulnerable to: ● efficient dictionary attacks and bruteforce ● time-memory tradeoffs (rainbow tables, etc.) solution of the late 70's store hash("password", salt) "one-way": can't be efficiently inverted immune to time-memory tradeoffs vulnerable to: ● dictionary attacks and bruteforce (but has to be repeated for different hashes) solution of the 2000's store hash("password", salt, cost) "one-way": can't be efficiently inverted immune to time-memory tradeoffs inefficient dictionary attacks and bruteforce main ideas: ● be "slow" ● especially on attackers' hardware (GPU, FPGA) => exploit fast CPU memory access/writes PBKDF2 (Kaliski, 2000) NIST and PKCS standard in Truecrypt, iOS, etc.
    [Show full text]
  • Application Lifecycle Management Tools Open Source
    Application Lifecycle Management Tools Open Source Posh and tropistic Christofer congees almost despondingly, though Sam humiliating his breastworks recoins. Jorge usually assassinates astringently or disrupt crustily when interterritorial Marko voids streakily and convivially. Irresponsible Vijay unround broadly. With the software changes into three core business reason for anyone using powerful lifecycle tools across public activity management The package includes OSS project management tool Redmine and version. This year open source ALM tuleap httpwwwenaleancomentuleap is altogether good start. ALM tools automate the software development and deployment processes help. Micro Focus Application Lifecycle Management ALM software and solutions. Virtual flavor of the product with its embedded and application software before. Greg Lindhorst Principal Program Manager Thursday January 14 2021. The more List and Open-source Tools View ahead complete list ANT Anypoint Platform. Application Lifecycle Management Tools ALM is the continuous process of. Top 10 Application Lifecycle Management Tools For end Year. A degree to two the limitations of save open-source circuit otherwise inadequate tool. Best Free Application Lifecycle Management Software 2021. Each document type main source code is managed with SubversionSVN with. It is free of tools are the advent of the use after year after going through it connects people meet business outcomes as and open application source tools? Application Lifecycle Management SoftLanding. Top Application Lifecycle Management ALM Toolsets InfoQ. They also have original single proponent of truth providing any relevant. Then view the software projects, open application lifecycle management tools on open source option, and hybrid it can create and. Software lifecycle management SLM is the discipline for managing.
    [Show full text]
  • Modern Password Security for System Designers What to Consider When Building a Password-Based Authentication System
    Modern password security for system designers What to consider when building a password-based authentication system By Ian Maddox and Kyle Moschetto, Google Cloud Solutions Architects This whitepaper describes and models modern password guidance and recommendations for the designers and engineers who create secure online applications. A related whitepaper, Password security ​ for users, offers guidance for end users. This whitepaper covers the wide range of options to consider ​ when building a password-based authentication system. It also establishes a set of user-focused recommendations for password policies and storage, including the balance of password strength and usability. The technology world has been trying to improve on the password since the early days of computing. Shared-knowledge authentication is problematic because information can fall into the wrong hands or be forgotten. The problem is magnified by systems that don't support real-world secure use cases and by the frequent decision of users to take shortcuts. According to a 2019 Yubico/Ponemon study, 69 percent of respondents admit to sharing passwords with ​ ​ their colleagues to access accounts. More than half of respondents (51 percent) reuse an average of five passwords across their business and personal accounts. Furthermore, two-factor authentication is not widely used, even though it adds protection beyond a username and password. Of the respondents, 67 percent don’t use any form of two-factor authentication in their personal life, and 55 percent don’t use it at work. Password systems often allow, or even encourage, users to use insecure passwords. Systems that allow only single-factor credentials and that implement ineffective security policies add to the problem.
    [Show full text]
  • Authentication Requirements in Cryptography
    Authentication Requirements In Cryptography Autolytic Micah scurrying narcotically and numerically, she perdures her contractility denigrate fustily. Utilitarian Thibaud attempt questioningly. Deviate and bleached Christie still carry-ons his Leonids sullenly. In the session key above are equivalent aes encrypt sensitive, requirements in authentication ciphersuite or on various vendors who the phy layer to the recipient passes the ciphertext Message authentication with fancy key implies message integrity. The requirements be considered as generic in the sense that they are ss technologies. Any inner authentication method employed authentication from the combine to the authentication server. The preceding paragraphs have endeavoured to present the complete set of concepts in a logical sequence of development. Chapter 11 Message Authentication Codes The luncheon of. MAC even to get obtain the confidentially part. AAA connection rm authentication the peers, as well as additional information about authenticators, roaming agreements, network policies and other network information. Since X509 is based on cross key cryptography the maintain of DOA used. Most often referred to hash functions has available protocols that it harder for vehicular networks. AWS KMS also lets you use all or part of the encryption context as the condition for a permission in a policy or grant. To authority confirms that authentication as a bad decision. This can be done by using it to support the secure transmission of a new secret key from the originator to the other party. There still appear to be many engineering details that have to be worked out before such a machine could be built. Most toward the web pages on the Internet require no authentication or authorization Encryption Encryption involves the crest of transforming data.
    [Show full text]
  • IB Case Study Vocabulary a Local Economy Driven by Blockchain (2020) Websites
    IB Case Study Vocabulary A local economy driven by blockchain (2020) Websites Merkle Tree: https://blockonomi.com/merkle-tree/ Blockchain: https://unwttng.com/what-is-a-blockchain Mining: https://www.buybitcoinworldwide.com/mining/ Attacks on Cryptocurrencies: https://blockgeeks.com/guides/hypothetical-attacks-on-cryptocurrencies/ Bitcoin Transaction Life Cycle: https://ducmanhphan.github.io/2018-12-18-Transaction-pool-in- blockchain/#transaction-pool 51 % attack - a potential attack on a blockchain network, where a single entity or organization can control the majority of the hash rate, potentially causing a network disruption. In such a scenario, the attacker would have enough mining power to intentionally exclude or modify the ordering of transactions. Block - records, which together form a blockchain. ... Blocks hold all the records of valid cryptocurrency transactions. They are hashed and encoded into a hash tree or Merkle tree. In the world of cryptocurrencies, blocks are like ledger pages while the whole record-keeping book is the blockchain. A block is a file that stores unalterable data related to the network. Blockchain - a data structure that holds transactional records and while ensuring security, transparency, and decentralization. You can also think of it as a chain or records stored in the forms of blocks which are controlled by no single authority. Block header – main way of identifying a block in a blockchain is via its block header hash. The block hash is responsible for block identification within a blockchain. In short, each block on the blockchain is identified by its block header hash. Each block is uniquely identified by a hash number that is obtained by double hashing the block header with the SHA256 algorithm.
    [Show full text]
  • Universal Leaky Random Oracle
    Universal Leaky Random Oracle Guangjun Fan1, Yongbin Zhou2, Dengguo Feng1 1 Trusted Computing and Information Assurance Laboratory,Institute of Software,Chinese Academy of Sciences,Beijing,China [email protected] , [email protected] 2 State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China [email protected] Abstract. Yoneyama et al. introduces the Leaky Random Oracle Model at ProvSec2008 to capture the leakages from the hash list of a hash func- tion used by a cryptography construction due to various attacks caused by sloppy usages or implementations in the real world. However, an im- portant fact is that such attacks would leak not only the hash list, but also other secret states (e.g. the secret key) outside the hash list. There- fore, the Leaky Random Oracle Model is very limited in the sense that it considers the leakages from the hash list alone, instead of taking into con- sideration other possible leakages from secret states simultaneously. In this paper, we present an augmented model of the Leaky Random Oracle Model. In our new model, both the secret key and the hash list can be leaked. Furthermore, the secret key can be leaked continually during the whole lifecycle of the cryptography construction. Hence, our new model is more universal and stronger than the Leaky Random Oracle Model and some other leakage models (e.g. only computation leaks model and memory leakage model). As an application example, we also present a public key encryption scheme which is provably IND-CCA secure in our new model.
    [Show full text]
  • Package 'Bcrypt'
    Package ‘bcrypt’ January 26, 2018 Type Package Title 'Blowfish' Password Hashing Algorithm Version 1.1 Description Bindings to the 'blowfish' password hashing algorithm derived from the 'OpenBSD' implementation. URL https://github.com/jeroen/bcrypt https://www.openbsd.org/papers/bcrypt-paper.pdf BugReports https://github.com/jeroen/bcrypt/issues License BSD_2_clause + file LICENSE Imports openssl RoxygenNote 6.0.1.9000 Suggests spelling Language en-US Encoding UTF-8 NeedsCompilation yes Author Jeroen Ooms [cre, aut], Damien Miller [cph], Niels Provos [cph] Maintainer Jeroen Ooms <[email protected]> Repository CRAN Date/Publication 2018-01-26 09:08:42 UTC R topics documented: bcrypt . .2 Index 4 1 2 bcrypt bcrypt Bcrypt password hashing Description Bcrypt is used for secure password hashing. The main difference with regular digest algorithms such as MD5 or SHA256 is that the bcrypt algorithm is specifically designed to be CPU intensive in order to protect against brute force attacks. The exact complexity of the algorithm is configurable via the log_rounds parameter. The interface is fully compatible with the Python one. Usage gensalt(log_rounds = 12) hashpw(password, salt = gensalt()) checkpw(password, hash) Arguments log_rounds integer between 4 and 31 that defines the complexity of the hashing, increasing the cost as 2^log_rounds. password the message (password) to encrypt salt a salt generated with gensalt. hash the previously generated bcrypt hash to verify Details The hashpw function calculates a hash from a password using a random salt. Validating the hash is done by rehashing the password using the hash as a salt. The checkpw function is a simple wrapper that does exactly this.
    [Show full text]
  • PGP Command Line User Guide
    PGP Command Line User Guide Last updated: July 2020 Copyright statement Broadcom, the pulse logo, Connecting everything, and Symantec are among the trademarks of Broadcom. Copyright © 2020 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visit www.broadcom.com. Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability, function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does not assume any liability arising out of the application or use of this information, nor the application or use of any product or circuit described herein, neither does it convey any license under its patent rights nor the rights of others. Contents About PGP Command Line 1 Important Concepts 1 Technical Support 2 Installing 5 Install Location 5 Installing on AIX 6 Installing on AIX 6 Changing the Home Directory on AIX 7 Uninstalling on AIX 7 Installing on HP-UX 8 Installing on HP-UX 8 Changing the Home Directory on HP-UX 9 Installing to a Non-Default Directory on HP-UX 9 Uninstalling on HP-UX 9 Installing on macOS 10 Installing on macOS 10 Changing the Home Directory on macOS 10 Uninstalling on macOS 11 Installing on Red Hat Enterprise Linux, SLES, or Fedora Core 11 Installing on Red Hat Enterprise Linux or Fedora Core 11 Changing the Home Directory on Linux or Fedora Core 12 Uninstalling on Linux or Fedora Core 12 Installing on Oracle Solaris 13 Installing on Oracle
    [Show full text]
  • Discovering Community Patterns in Open-Source: a Systematic Approach and Its Evaluation
    Empirical Software Engineering https://doi.org/10.1007/s10664-018-9659-9 Discovering community patterns in open-source: a systematic approach and its evaluation Damian A. Tamburri1 · Fabio Palomba2 · Alexander Serebrenik3 · Andy Zaidman4 © The Author(s) 2018 Abstract “There can be no vulnerability without risk; there can be no community without vulnerability; there can be no peace, and ultimately no life, without community.” - [M. Scott Peck] The open-source phenomenon has reached the point in which it is virtually impossible to find large applications that do not rely on it. Such grand adoption may turn into a risk if the community regulatory aspects behind open-source work (e.g., contribution guidelines or release schemas) are left implicit and their effect untracked. We advocate the explicit study and automated support of such aspects and propose YOSHI (Yielding Open-Source Health Information), a tool able to map open-source communities onto community patterns,sets of known organisational and social structure types and characteristics with measurable core attributes. This mapping is beneficial since it allows, for example, (a) further investigation of community health measuring established characteristics from organisations research, (b) reuse of pattern-specific best-practices from the same literature, and (c) diagnosis of organ- isational anti-patterns specific to open-source, if any. We evaluate the tool in a quantitative empirical study involving 25 open-source communities from GitHub, finding that the tool offers a valuable basis to monitor key community traits behind open-source development and may form an effective combination with web-portals such as OpenHub or Bitergia. We made the proposed tool open source and publicly available.
    [Show full text]
  • Atlassian: Analysis and Strategic Recommendation
    University of Montana ScholarWorks at University of Montana Undergraduate Theses and Professional Papers 2017 Atlassian: Analysis and strategic recommendation Ryann M. Carlson University of Montana, Missoula, [email protected] Follow this and additional works at: https://scholarworks.umt.edu/utpp Part of the Strategic Management Policy Commons Let us know how access to this document benefits ou.y Recommended Citation Carlson, Ryann M., "Atlassian: Analysis and strategic recommendation" (2017). Undergraduate Theses and Professional Papers. 167. https://scholarworks.umt.edu/utpp/167 This Professional Paper is brought to you for free and open access by ScholarWorks at University of Montana. It has been accepted for inclusion in Undergraduate Theses and Professional Papers by an authorized administrator of ScholarWorks at University of Montana. For more information, please contact [email protected]. ATLASSIAN: ANALYSIS AND STRATEGIC RECOMMENDATION By RYANN MARIE CARLSON Undergraduate Professional Paper presented in partial fulfillment of the requirements for the University Scholar distinction Davidson Honors College University of Montana Missoula, MT May 2017 Approved by: Suzanne Tilleman, Ph.D., Faculty Mentor Management and Marketing Department, School of Business Administration ABSTRACT Carlson, Ryann, B.S., May 2017 Management Information Systems Atlassian: Analysis and strategic recommendation Faculty Mentor: Suzanne Tilleman, Ph.D. This research consists of an external and internal analysis of, as well as a strategic recommendation for Atlassian, an Australian software company. The external analysis will use various frameworks to analyze the following: changes and trends in the environment, Porter’s Five Forces industry analysis, competitor analysis, industry segmentation and demand issues and opportunities in the industry. The internal analysis will use various frameworks to perform an internal resource assessment, financial resources assessment and assessment of opportunities for the company.
    [Show full text]