Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 20 Dec 2014, 02:45
All times are UTC - 4
 Forum index » Off-Topic Area » Security
How to increase the security!
Post new topic   Reply to topic View previous topic :: View next topic
Page 3 of 4 [47 Posts]   Goto page: Previous 1, 2, 3, 4 Next
Author Message
Barkin


Joined: 12 Aug 2011
Posts: 751

PostPosted: Wed 02 May 2012, 00:29    Post subject: Passwords
Subject description: wifi set it then forget it
 

shoutcrown wrote:
... Now I can test how to create automatic passwords. It's very useful, but I shouldn't use any known word, just some other characters sequence, right?.

My point was to use the MD5 calculator for computer passwords, e.g.

Barkin’s list of online account “passwords

bank account “money”,
email account “yahoo” ,
paypal account “paypal”

I could write this list down and need not be concerned that anyone sees them because the real passwords are MD5s of those words in quotes plus a secret string of characters I have committed to memory and never write down, e.g. 5&kr&t

So the bank account password is actually MD5(money+5&kr&t) = “51a7f4ff77ea921fa093234a5de7e23c”
email account password is actually MD5(yahoo+5&kr&t) = “8bba976363bd0c32cadc112b41af678d”
paypal account password is actually MD5(paypal+5&kr&t) = “0834be4728210d8526c90b732f82e0f4”

I don’t need to remember 32 character gibberish passwords, I just have to have access to a MD5 calculator, and remember 5&kr&t, and have the list of what appear to be passwords which I don’t have to keep secret. If you want an extra layer of tinfoil Smile you could replace 5&kr&t in the above calculations by it's MD5 = "5622165cab4eb0217daa09f574bd3c3d".


shoutcrown wrote:
...everytime I need to use Wifi connection first I should open MD5 and write my own characters sequence and get the new 32 characteres then paste them when Wifi


If you use something truly random for your wi-fi key, not a dictionary word or an MD5 derived from a dictionary word on its own, longer than 14 characters then that’s sufficient to prevent a dictionary and brute-force cracks, you need never change your wifi key again, IMO.


Quote:
The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length. Conversely, if you want to have an unbreakable wireless network at home, use WPA/WPA2 and a 63 character password composed of random characters including special symbols.
http://www.aircrack-ng.org/doku.php?id=cracking_wpa

63 characters is overkill IMO, and could slow down your wi-fi when the encryption-decryption is performed.

You don’t have to remember your wifi key, you can write it down and store it on your computer.
Back to top
View user's profile Send private message 
Barkin


Joined: 12 Aug 2011
Posts: 751

PostPosted: Wed 02 May 2012, 01:11    Post subject:  

Just remembered Puppy can calculate MD5 via console (aka terminal) ... http://puppylinux.org/wikka/md5sum

http://www.puppylinuxfaq.org/how-to/20-linux-tips/44-copy-and-paste-to-terminal.html
md5 of string in file calculated via puppy command line (GTK hash confirms MD5 is correct).png
Description  screengrab
png

 Download 
Filename  md5 of string in file calculated via puppy command line (GTK hash confirms MD5 is correct).png 
Filesize  17.56 KB 
Downloaded  433 Time(s) 

Last edited by Barkin on Wed 02 May 2012, 01:35; edited 3 times in total
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Wed 02 May 2012, 01:15    Post subject:  

Does this affect the vulnerability that I read about yesterday?
I try to find links this one and another that I don't find now

http://blogs.computerworld.com/19518/brute_force_tools_crack_wifi_security_in_hours_millions_of_wireless_routers_vulnerable
this maybe
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

only four pin security despite having 8 pin. They only need to brute force
the first 4 pin and then they know the rest? Too easy is it not?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
Barkin


Joined: 12 Aug 2011
Posts: 751

PostPosted: Wed 02 May 2012, 01:33    Post subject:  

nooby wrote:
Does this affect the vulnerability that I read about yesterday?

http://blogs.computerworld.com/19518/brute_force_tools_crack_wifi_security_in_hours_millions_of_wireless_routers_vulnerable
this maybe
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup


That's a new flaw, the eight digit pin is different from the Wi-Fi key.
My (old?) router doesn't have one of those PIN things: any device which connects to my router via wifi requires the WPA2 wi-fi key, (16 character alphanumeric passphase).
Back to top
View user's profile Send private message 
shoutcrown

Joined: 12 Mar 2011
Posts: 85

PostPosted: Wed 02 May 2012, 02:11    Post subject: internet security
Subject description: passwords
 

Hi barkin!

A long time ago I had to learn many long email passwords (what a waste of time!)

Thanks a lot!
Back to top
View user's profile Send private message 
puppy_apprentice


Joined: 07 Feb 2012
Posts: 135

PostPosted: Wed 02 May 2012, 02:52    Post subject:  

we don't understand each other, but nevermind

i didn't said that prepare paswords using MD5 or wathever is bad methode, i only give u example of my methode to store passwords, again:

i understand that using for eg. facebook: facebook+salt (where salt is secret word/char chain knwown only for u, stored in your head), is easy to remember (facebook describe online service an salt is used to make a "variation" of word facbook, so if cracker will use dictionary where he has word facbook and he will make hash of this word he don't find your pasword because your hashed password is not facebok but facebook+salt)

and it is ok, but i use some forums, some other sites and i have on everyone another nick name (eg. here is puppy_apprentice on another i have another nicknames) so as i have small head and can' remember all mu logins and passwords i'm using programs called password managers

in every password manager u have to first create your passwords database, create for this database master password, and add entries for all your password, whole database will be stored on hd and encrypted with Blowfish or AES etc., to retrieve your password u have to only remember your main password for your passwords database

eg. for Password Dragon (it is Java tool so works everywhere, whre Java is installed):

everytime when u want to open your password database u have to write your master password (it will be stored inside your passwords database and encrypted with Blowfish alghorithm so is safe)


my database (it is only example):


Password Dragon has password generator which i use to generate passwords for my accounts if i'm bored to invent my very own combination (you use MD5 for this, ok):
Back to top
View user's profile Send private message 
shoutcrown

Joined: 12 Mar 2011
Posts: 85

PostPosted: Wed 02 May 2012, 10:44    Post subject: wireless security
Subject description: database
 

Hi puppy_apprentice!

OK!. Database seems to be very useful. Thanks
Back to top
View user's profile Send private message 
RetroTechGuy


Joined: 15 Dec 2009
Posts: 2673
Location: USA

PostPosted: Wed 02 May 2012, 11:29    Post subject: Re: Passwords
Subject description: wifi set it then forget it
 

Barkin wrote:
shoutcrown wrote:
... Now I can test how to create automatic passwords. It's very useful, but I shouldn't use any known word, just some other characters sequence, right?.

My point was to use the MD5 calculator for computer passwords, e.g.


I think that this is a clever idea. Good passwords, without the pain of generating and then remembering them.

Then a decent password safe can store a number of different passwords. I started using Password Safe, and under Puppy migrated to Password Gorilla (compatible with the Safe archive):

http://www.schneier.com/passsafe.html

http://www.schneier.com/blog/archives/2010/11/changing_passwo.html

http://passwordsafe.sourceforge.net/

https://github.com/zdia/gorilla/wiki/

I use the Tcl/Tk version under Puppy.

_________________
Add swapfile
Back to top
View user's profile Send private message 
shoutcrown

Joined: 12 Mar 2011
Posts: 85

PostPosted: Wed 02 May 2012, 11:42    Post subject: wireless security
Subject description: password
 

hi RetroTechGuy!

thanks!
Back to top
View user's profile Send private message 
Wognath

Joined: 19 Apr 2009
Posts: 193

PostPosted: Fri 14 Sep 2012, 01:56    Post subject: Great information  

Thanks to all of you. This topic was an interesting and entertaining read!!

I'd like to put in a plug here for truecrypt. www.truecrypt.org
I keep my tax files etc. in a truecrypt archive. [edit: it's a netbook and I travel with it. ]

My password list is also in there, but I'm definitely going to convert the more important passwords (bank, newegg, etc.) over to that elegant MD5 method.
Wognath

edit: Most of my sites of interest have max of 12-16 characters in password, Several require at least 1 character other than number or letter. Sad
Back to top
View user's profile Send private message 
RetroTechGuy


Joined: 15 Dec 2009
Posts: 2673
Location: USA

PostPosted: Wed 19 Sep 2012, 13:23    Post subject: Re: Great information  

Wognath wrote:
Thanks to all of you. This topic was an interesting and entertaining read!!

I'd like to put in a plug here for truecrypt. www.truecrypt.org
I keep my tax files etc. in a truecrypt archive. [edit: it's a netbook and I travel with it. ]

My password list is also in there, but I'm definitely going to convert the more important passwords (bank, newegg, etc.) over to that elegant MD5 method.
Wognath

edit: Most of my sites of interest have max of 12-16 characters in password, Several require at least 1 character other than number or letter. Sad


Truecrypt under Puppy:
http://murga-linux.com/puppy/viewtopic.php?t=60062

_________________
Add swapfile
Back to top
View user's profile Send private message 
shoutcrown

Joined: 12 Mar 2011
Posts: 85

PostPosted: Thu 20 Sep 2012, 23:48    Post subject: how to increase the security!
Subject description: ...
 

hi!
thanks!
I appreciate more information about security...
bye!!!
Back to top
View user's profile Send private message 
Wognath

Joined: 19 Apr 2009
Posts: 193

PostPosted: Fri 21 Sep 2012, 15:21    Post subject: Figaro's password manager  

Hello again,
Is there a reason why people seem to recommend Keepass, Gorilla etc. but not FPM2 (included with recent puppies)? Is there something wrong with FPM2 that I should know about?? Thanks
Wognath
Back to top
View user's profile Send private message 
puppy_apprentice


Joined: 07 Feb 2012
Posts: 135

PostPosted: Sun 23 Sep 2012, 13:24    Post subject:  

there is not problem with FPM2 i think, it uses good encryption algorithm (AES), some could prefer eg. Gorilla or Keepass because those apps are multiplatform (or they were using them on Windows so it is easier to use something on Linux that they know)
Back to top
View user's profile Send private message 
Wognath

Joined: 19 Apr 2009
Posts: 193

PostPosted: Wed 26 Sep 2012, 13:40    Post subject:  

Thanks, puppy_apprentice. I finally have FPM2 working the way I want, so you gave me the answer I wanted! And thanks for the grc link above (page 1)--interesting stuff.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 3 of 4 [47 Posts]   Goto page: Previous 1, 2, 3, 4 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0987s ][ Queries: 13 (0.0148s) ][ GZIP on ]