Password Managers

**Mental Trousers** · 8th September 2012, 23:29

Use a method for generating your passwords and save the means to generate it to a place you can get to from anywhere and you'll never go wrong.

NOTE these are examples of methods that I just pulled out of the air in 2 minutes, come up with your own variations/methods

Method 1.

Take one photo

Save it as the username you will use, eg psycho-panties.jpg.

Save it to a web site you can access from anywhere, eg your photo albums on KB

Pass it through a cryptographic hash function of some sort (sha1sum, sha256sum, sha512sum, sha224sum, sha384sum ....)

Use the first 5 digits of the hash, a symbol, the initials of the chick in the photo and the year she was born

8edbe=NW1981

Method 2.

Pick a pornstar

Edit the photo and embed the username on her right boob so that you can only read it if you zoom right in

Save the image to a place you can access it from anywhere, eg your photo albums on KB

Use her details as a password (according to Wikipedia Tera Patrick was born Linda Ann Hopkins)

LAH_36-24-38

**Akzle** · 8th September 2012, 23:33

Originally Posted by bogan

Reading comprehension not your strong suit then?

i believe the quantifier LESS was used in the original point i responded to.

if one is going to brute force your pwd, it doesn't matter how random or if/where it's written/remembered, as it's simply an algorithm that matches little bits of 01101 type shit.

**Brian d marge** · 9th September 2012, 00:00

I use the password "b" , seems to work for everything ,,,so far

Stephen

**jonbuoy** · 9th September 2012, 00:07

Keypass is excellent, you can get a USB keyring fob/credit card to save it on and run it directly from there - only need one master password to open it plus your unlock code if your running it from you iPhone/iPad. Will automatically generate passwords as strong as you want - just copy and paste them if you´ve chosen super long passwords. Don´t ever use any "real" words - makes it easier for dictionary attacks - ie change dog to d09.

**Gremlin** · 9th September 2012, 01:08

Originally Posted by jonbuoy

Don´t ever use any "real" words - makes it easier for dictionary attacks - ie change dog to d09.

Misconception... number substitution is now often included in hacks...

**jonbuoy** · 9th September 2012, 08:45

Originally Posted by Gremlin

Misconception... number substitution is now often included in hacks...

So you think it would take the same time to hack a substituted combination of numbers of letters or a plain english/foreign language word?

**Akzle** · 9th September 2012, 12:29

Originally Posted by jonbuoy

So you think it would take the same time to hack a substituted combination of numbers of letters or a plain english/foreign language word?

yes.
. .

**bogan** · 9th September 2012, 13:11

Originally Posted by Akzle

i believe the quantifier LESS was used in the original point i responded to.

if one is going to brute force your pwd, it doesn't matter how random or if/where it's written/remembered, as it's simply an algorithm that matches little bits of 01101 type shit.

Funny thing is, when you cut off the end of the sentence, it makes it difficult to comprehend what you are reading. Probably why you disagreed with my point, then proceeded to make the same point.

Only problem is, a brute force attempt processing 500,000 passwords per second might raise some alarms on the server, especially since at that rate you'll be going for up to 32 hours (with a known 6 digit password). Much higher chances of somebody finding that uberhard to crack one that you have to write down imo. Brute force isn't as practical in the real world, as it is infallible in textbook land.

Probably the main downside with using the same simple password, is if one thing you use it for gets hacked (yes they use better encryption, but a much more attractive target) people can use your details and the known password to get into your other websites etc.

**jonbuoy** · 9th September 2012, 13:17

Originally Posted by Akzle

yes.
. .

Well your wrong, try it. Marian will take less time than M@r1@n

**FJRider** · 9th September 2012, 13:31

Originally Posted by jonbuoy

So you think it would take the same time to hack a substituted combination of numbers of letters or a plain english/foreign language word?

If in a attempt to hack a password ... machine vs machine. Logical sequence has no place.

In a 6 figure password ... the changing of one digit can change a word. Even the simple changing a B to a 3 (or similar) can make it appear more difficult to hack in a human mind. But to a machine ... just a different combination to check.

The key to hacking ... is time/chances available to try the possible combinations.

**bogan** · 9th September 2012, 13:36

Originally Posted by FJRider

If in a attempt to hack a password ... machine vs machine. Logical sequence has no place.

In a 6 figure password ... the changing of one digit can change a word. Even the simple changing a B to a 3 (or similar) can make it appear more difficult to hack in a human mind. But to a machine ... just a different combination to check.

Unless the password hacking algorithm is designed to run the more common combinations (words) first; which seems an extremely simple time-saving measure I'd be surprised if any decent hacker didn't make sure that was the case. In fact it wouldn't surprise me if words were run with numerical letter replacements straight after the correct spelling.

**FJRider** · 9th September 2012, 13:45

Originally Posted by bogan

Unless the password hacking algorithm is designed to run the more common combinations (words) first; which seems an extremely simple time-saving measure I'd be surprised if any decent hacker didn't make sure that was the case. In fact it wouldn't surprise me if words were run with numerical letter replacements straight after the correct spelling.

The effort made by hackers is in direct proportion to their expected gain from any resulting success.

The key is regular change to passwords as a matter of course. Depending how much you have to loose ... or how much you value what your privacy ...

**bogan** · 9th September 2012, 13:49

Originally Posted by FJRider

The key is regular change to passwords as a matter of course. Depending how much you have to loose ... or how much you value what your privacy ...

I don't buy into that, I figure if somebody cracks your password you'll know about it, and if they haven't, getting a new one doesn't make it any more difficult.

**jonbuoy** · 9th September 2012, 13:59

Originally Posted by bogan

I don't buy into that, I figure if somebody cracks your password you'll know about it, and if they haven't, getting a new one doesn't make it any more difficult.

Depends, if they've intercepted something and are trying to break an encryption that takes say 4 weeks to crack and you change your encryption every 3 weeks it makes things a lot harder. Extreme example.

**FJRider** · 9th September 2012, 14:03

Originally Posted by bogan

I don't buy into that, I figure if somebody cracks your password you'll know about it, and if they haven't, getting a new one doesn't make it any more difficult.

They wouldn't expect a common bogan to have much of value. And depending on the length of time spent looking/checking combinations ... if they thought you might have ... keeping the same password just makes it a matter of time before they get it. You may have changed it to one they have already checked.

Money gain may be less important than information gained to a hacker. One piece of information you have, may be the key to another greater prize. You wont even know it's been taken.

Thread: Password Managers

Thread Tools

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions