It is currently Mon Jan 25, 2021 10:04 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 37 posts ]  Go to page Previous  1, 2, 3  Next
Author Message
 Post subject: Re: where to store your passwords ?
PostPosted: Sun Jun 08, 2014 6:02 pm 
Offline
Addict
Addict

Joined: Thu Jun 07, 2007 3:25 pm
Posts: 3967
Location: Berlin, Germany
Regardless what way you choose, there is always a weak point. Some methods are less weak than some others, though.

I'm using the portable version of KeePass Professional (free and open source). The database that contains my passwords is encrypted and protected by its own password. That means, I have to remeber only this one passwort.
One copy of the program and my database is at home on the hard drive of my PC, another copy is on a USB pen drive which I always take with me when I'm going to work etc.

It's possible -- but very unlikely -- that I'd lose that USB pen drive. In that case I still have the copy on my PC. And if someone finds the pen drive, s/he could not easily read my passwords, because they are stored in an encrypted database.

_________________
Please excuse my flawed English. My native language is PureBasic.
Search
RSBasic's backups


Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Mon Jun 09, 2014 1:08 am 
Offline
PureBasic Expert
PureBasic Expert

Joined: Fri Apr 25, 2003 5:24 pm
Posts: 7581
> it's necessary to remember a bunch of rules

Not so. You can use one rule if you want.

> You're always reading sequentially in one of eight directions

Nope, you don't get it. Nothing is sequential if you don't want
it to be. You can make all your passwords zig-zagged, or in a
spiral, etc. I already explained all this. Plus, the password can
be from 1 to X chars long. Where did you pull 8 from? You're
totally not getting it. :)

> A dictionary created from the card containing less than 10k
> entries would contain all your passwords

Again, you're not grasping its concept properly. That single
card is capable of storing over 48,000 passwords if we used
just its first line ALONE. And that's just using left-right as
the direction on the first line. And there's 9 lines, so that
comes to over 432,000 passwords using left-right with all
lines. Now, add up-down, zig-zag, whirls, and the number
of possible passwords more than MILLIONS.

> Regardless what way you choose, there is always a weak point

Weak points apply to technical limitations, not your brain.
Of course, a weak point with your brain would be the old
rubber-hose cryptanalysis technique. ;)

_________________
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.


Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Mon Jun 09, 2014 2:17 am 
Offline
Addict
Addict
User avatar

Joined: Sat Oct 17, 2009 10:51 pm
Posts: 1387
Location: Nashville
PB wrote:
... would be the old
rubber-hose cryptanalysis technique. ;)


Beat somebody with a rubber hose until they tell you their password?


Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Mon Jun 09, 2014 2:39 am 
Offline
Enthusiast
Enthusiast

Joined: Tue Apr 24, 2012 5:08 pm
Posts: 542
Location: Ontario, Canada
PB wrote:
> it's necessary to remember a bunch of rules

Not so. You can use one rule if you want.


I was thinking in terms of having to remember the reference point, direction, and number of characters, for each online account. Plus one needs to carry the key card, in real or virtual form.

It seems like a lot of trouble to go to when it would be just as easy to remember the passwords.

A true story:

I once installed one of my packages with a temporary password, and explained to the customer that he would need to use the password to change the preferences. I told him that the password was "secret", but he could change it via the preferences screen. He nodded and said, "Ok". About five years later he phoned me and asked if I could change the preferences when I was next in the building. I reminded him that he had the password and could do it himself. He responded, "No I can't -- you told me the password was secret".

_________________
For ten years Caesar ruled with an iron hand, then with a wooden foot, and finally with a piece of string.
~ Spike Milligan


Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Mon Jun 09, 2014 3:16 am 
Offline
Addict
Addict

Joined: Sun Dec 12, 2010 12:36 am
Posts: 1642
Location: Somewhere in the midwest
I recently started using LastPass

_________________
Image


Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Mon Jun 09, 2014 4:36 am 
Offline
Addict
Addict

Joined: Thu Jun 07, 2007 3:25 pm
Posts: 3967
Location: Berlin, Germany
PB wrote:
> Regardless what way you choose, there is always a weak point

Weak points apply to technical limitations, not your brain.

Oh, e.g. forgetfulness does not exist? So what's all the fuss about?
Then just remember your dozens of passwords, and you are done.

_________________
Please excuse my flawed English. My native language is PureBasic.
Search
RSBasic's backups


Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Mon Jun 09, 2014 9:43 am 
Offline
PureBasic Expert
PureBasic Expert

Joined: Fri Apr 25, 2003 5:24 pm
Posts: 7581
> Beat somebody with a rubber hose until they tell you their password?

Yep. https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis

_________________
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.


Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Tue Jun 10, 2014 1:27 am 
Offline
Addict
Addict
User avatar

Joined: Mon May 14, 2007 2:13 am
Posts: 979
Location: Darling River
PB wrote:
> Beat somebody with a rubber hose until they tell you their password?

Yep. https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis


:| :) :lol:

_________________
PureBasic Rocks! Even More! And More!
PureBasic 5, Now We're Really Rockin!


Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Tue Jun 10, 2014 2:06 am 
Offline
Enthusiast
Enthusiast

Joined: Mon Nov 25, 2013 5:38 am
Posts: 254
Location: Australia
Double or triple encrypted passwords seem fine to me. For example serpent encrypted inside AES encrypted.


Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Tue Jun 10, 2014 3:00 am 
Offline
Addict
Addict

Joined: Fri Apr 25, 2003 11:10 pm
Posts: 1232
use a password generator, you have a long phrase that you know well and can't forget as your seed that you use to generate unique passwords for different forums or other sites.


Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Tue Jun 10, 2014 11:28 am 
Offline
PureBasic Expert
PureBasic Expert

Joined: Fri Apr 25, 2003 5:24 pm
Posts: 7581
> forgetfulness does not exist?

I was referring to weak points in the context of others
getting your password from you. With a file, it can be
hacked. Your brain can't.

_________________
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.


Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Tue Jun 10, 2014 11:36 am 
Offline
Always Here
Always Here

Joined: Fri Oct 23, 2009 2:33 am
Posts: 6282
Location: Wales, UK
Quote:
Your brain can't.
. Hang on PB, you already referenced Wikipedia to show that it can be hacked :D
A well encrypted file is a very difficult animal to hack, almost impossible. Most hackers are not going to have the hardware/time/patience - and they don't need to, since they have a list of millions of potential victims free-of-charge from Sony etc. Any sign that your file is well guarded and I think most hackers will just move on to the next Joe.

_________________
IdeasVacuum
If it sounds simple, you have not grasped the complexity.


Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Tue Jun 10, 2014 11:56 am 
Offline
Addict
Addict

Joined: Thu Jun 07, 2007 3:25 pm
Posts: 3967
Location: Berlin, Germany
PB wrote:
> forgetfulness does not exist?

I was referring to weak points in the context of others
getting your password from you.

You did not write that in your regarding reply. You answered in a general sense to a sentence of mine, which was about weak points of password usage and management in general. Others getting your password from you is only one aspect of the whole story.

_________________
Please excuse my flawed English. My native language is PureBasic.
Search
RSBasic's backups


Last edited by Little John on Tue Jun 10, 2014 12:59 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Tue Jun 10, 2014 12:30 pm 
Offline
Addict
Addict

Joined: Wed Aug 24, 2005 8:39 am
Posts: 2736
Location: Southwest OH - USA
For all practical purposes, an aes encrypted file is unhackable.


Top
 Profile  
Reply with quote  
 Post subject: Re: where to store your passwords ?
PostPosted: Tue Jun 10, 2014 6:17 pm 
Offline
Addict
Addict
User avatar

Joined: Sat Apr 26, 2003 8:26 am
Posts: 2999
Location: Planet Earth
PB wrote:
With a file, it can be hacked. Your brain can't.

For future prospects, watch the 2013 movie: Elysium ;)


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 37 posts ]  Go to page Previous  1, 2, 3  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 10 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  

 


Powered by phpBB © 2008 phpBB Group
subSilver+ theme by Canver Software, sponsor Sanal Modifiye