Re: where to store your passwords ?

Posted: Sun Jun 08, 2014 6:02 pm
by Little John
Regardless what way you choose, there is always a weak point. Some methods are less weak than some others, though.

I'm using the portable version of KeePass Professional (free and open source). The database that contains my passwords is encrypted and protected by its own password. That means I have to remember only this one password.
One copy of the program and my database is at home on the hard drive of my PC, another copy is on a USB pen drive which I always take with me when I'm going to work etc.

It's possible -- but very unlikely -- that I'd lose that USB pen drive. In that case I still have the copy on my PC. And if someone finds the pen drive, s/he could not easily read my passwords, because they are stored in an encrypted database.

Re: where to store your passwords ?

Posted: Mon Jun 09, 2014 1:08 am
by PB
> it's necessary to remember a bunch of rules

Not so. You can use one rule if you want.

> You're always reading sequentially in one of eight directions

Nope, you don't get it. Nothing is sequential if you don't want
it to be. You can make all your passwords zig-zagged, or in a
spiral, etc. I already explained all this. Plus, the password can
be from 1 to X chars long. Where did you pull 8 from? You're
totally not getting it. :)

> A dictionary created from the card containing less than 10k
> entries would contain all your passwords

Again, you're not grasping its concept properly. That single
card is capable of storing over 48,000 passwords if we used
just its first line ALONE. And that's just using left-right as
the direction on the first line. And there's 9 lines, so that
comes to over 432,000 passwords using left-right with all
lines. Now, add up-down, zig-zag, whirls, and the number
of possible passwords more than MILLIONS.

> Regardless what way you choose, there is always a weak point

Weak points apply to technical limitations, not your brain.
Of course, a weak point with your brain would be the old
rubber-hose cryptanalysis technique. ;)

Re: where to store your passwords ?

Posted: Mon Jun 09, 2014 2:17 am
by Kuron
PB wrote:
> ... would be the old
> rubber-hose cryptanalysis technique. ;)

Beat somebody with a rubber hose until they tell you their password?

Re: where to store your passwords ?

Posted: Mon Jun 09, 2014 2:39 am
by BorisTheOld
PB wrote:
> > it's necessary to remember a bunch of rules
>
> Not so. You can use one rule if you want.

I was thinking in terms of having to remember the reference point, direction, and number of characters, for each online account. Plus one needs to carry the key card, in real or virtual form.

It seems like a lot of trouble to go to when it would be just as easy to remember the passwords.

A true story:

I once installed one of my packages with a temporary password, and explained to the customer that he would need to use the password to change the preferences. I told him that the password was "secret", but he could change it via the preferences screen. He nodded and said, "Ok". About five years later he phoned me and asked if I could change the preferences when I was next in the building. I reminded him that he had the password and could do it himself. He responded, "No I can't -- you told me the password was secret".

Re: where to store your passwords ?

Posted: Mon Jun 09, 2014 3:16 am
by Zach
I recently started using LastPass

Re: where to store your passwords ?

Posted: Mon Jun 09, 2014 4:36 am
by Little John
PB wrote:
> > Regardless what way you choose, there is always a weak point
>
> Weak points apply to technical limitations, not your brain.

Oh, e.g. forgetfulness does not exist? So what's all the fuss about?
Then just remember your dozens of passwords, and you are done.

Re: where to store your passwords ?

Posted: Mon Jun 09, 2014 9:43 am
by PB
> Beat somebody with a rubber hose until they tell you their password?

Yep. https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis

Re: where to store your passwords ?

Posted: Tue Jun 10, 2014 1:27 am
by electrochrisso
PB wrote:
> > Beat somebody with a rubber hose until they tell you their password?
>
> Yep. https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis

:| :) :lol:

Re: where to store your passwords ?

Posted: Tue Jun 10, 2014 2:06 am
by coco2
Double or triple encrypted passwords seem fine to me. For example Serpent encrypted inside AES encrypted.

Re: where to store your passwords ?

Posted: Tue Jun 10, 2014 3:00 am
by jack
Use a password generator, you have a long phrase that you know well and can't forget as your seed that you use to generate unique passwords for different forums or other sites.
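
What this post describes is a deterministic password generator: one memorised seed phrase, one derived password per site. A sketch of the idea as an added example, not part of the original post or of any tool named in this thread; the PBKDF2 stretching step, the salt, the output alphabet and the function names are assumptions.

```python
import hashlib
import hmac
import string

# Assumed output alphabet (74 symbols); sites with other rules need their own.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def stretch_phrase(phrase: str, user_salt: str, iterations: int = 200_000) -> bytes:
    """Run the seed phrase through PBKDF2 once, so that a password leaked by
    one site cannot be used to guess the phrase cheaply offline."""
    return hashlib.pbkdf2_hmac("sha256", phrase.encode(), user_salt.encode(), iterations)


def site_password(key: bytes, site: str, counter: int = 1, length: int = 16) -> str:
    """Derive the password for one site; raise `counter` to rotate it."""
    label = f"{site.strip().lower()}\x00{counter}".encode()
    limit = 256 - (256 % len(ALPHABET))  # reject bytes >= limit: no modulo bias
    chars, block = [], 0
    while len(chars) < length:
        # HMAC in counter mode gives an unbounded pseudo-random byte stream.
        stream = hmac.new(key, label + block.to_bytes(4, "big"), hashlib.sha256).digest()
        for byte in stream:
            if byte < limit and len(chars) < length:
                chars.append(ALPHABET[byte % len(ALPHABET)])
        block += 1
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    key = stretch_phrase("correct horse battery staple", "alice@example.org")
    for site in ("forum.example", "bank.example"):
        print(site, site_password(key, site))
```

Nothing is stored, so there is no file to lose, but the seed phrase becomes the single secret behind every account and changing it changes every password at once.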

Re: where to store your passwords ?

Posted: Tue Jun 10, 2014 11:28 am
by PB
> forgetfulness does not exist?

I was referring to weak points in the context of others
getting your password from you. With a file, it can be
hacked. Your brain can't.

Re: where to store your passwords ?

Posted: Tue Jun 10, 2014 11:36 am
by IdeasVacuum
> Your brain can't.

Hang on PB, you already referenced Wikipedia to show that it can be hacked :D
A well encrypted file is a very difficult animal to hack, almost impossible. Most hackers are not going to have the hardware/time/patience - and they don't need to, since they have a list of millions of potential victims free-of-charge from Sony etc. Any sign that your file is well guarded and I think most hackers will just move on to the next Joe.

Re: where to store your passwords ?

Posted: Tue Jun 10, 2014 11:56 am
by Little John
PB wrote:
> > forgetfulness does not exist?
>
> I was referring to weak points in the context of others
> getting your password from you.

You did not write that in your regarding reply. You answered in a general sense to a sentence of mine, which was about weak points of password usage and management in general. Others getting your password from you is only one aspect of the whole story.

Re: where to store your passwords ?

Posted: Tue Jun 10, 2014 12:30 pm
by rsts
For all practical purposes, an AES encrypted file is unhackable.

Re: where to store your passwords ?

Posted: Tue Jun 10, 2014 6:17 pm
by Danilo
PB wrote:
> With a file, it can be hacked. Your brain can't.

For future prospects, watch the 2013 movie: Elysium ;)