The time now is Tue 18 Dec 2018, 21:22
All times are UTC - 4
Joined: 13 Nov 2013
|Posted: Thu 29 Mar 2018, 11:00 Post subject:
Subject description: a completely new way of thinking about passwords
So many password managers out there, why bother with this one? Because there is no other like it.
A password is a secret that is known only to the party providing a service and the party that should be allowed access to this service.
Simple enough - a secret that you know and your website knows but nobody else, thereby guaranteeing that you and only you have access to your account on this website. Unfortunately, in practice, the ubiquitous use of passwords has us completely overwhelmed. And the only way we can cope with that is by finding ways of making the problem manageable.
The theory behind Master Password starts with accepting that it is impossible to keep track of passwords for all your accounts. Instead, we return to the core premise of the password: a secret phrase that you can remember easily, all by yourself.
Master Password solves this problem by letting you remember one and only one password. You use this password with Master Password only. Master Password then gives you access to any website or service you want by creating a website-specific key for it.
1-You sign into Master Password using your one password.
2-You ask Master Password for the key to enter your website, eg. twitter.
3-You log into twitter using your username and the key from Master Password.
Master Password is not a password manager. It does not store your website passwords. Therefore, there is zero risk of you losing your website passwords (or them falling in the wrong hands). Master Password simply uses your one password and the name of the site to generate a site-specific secret.
Let's find out more about Master Password :
Use Java for Master Password to be platform-independent and build it from source.
Go into the gradle directory and run ./gradlew build. All Java components will then be built:
platform-independent/gui-java/build/distributions: contains an archive with the Master Password Java GUI. Unpack it and run the gui script.
platform-independent/cli-java/build/distributions: contains an archive with the Master Password Java command-line interface. Unpack it and run the cli script.
platform-android/build/outputs/apk: contains the Android application package. Install it on your Android device.
Note that in order to build the Android application, you will need to have the Android SDK installed and either have the environment variable ANDROID_HOME set to its location or a gradle/local.properties file with its location, eg. (for Homebrew users who installed the SDK using brew install android-sdk):
Git : https://github.com/Lyndir/MasterPassword.git
Further reading :
classic password managers :
Political consideration to take into account about passwords and cryptography, referred to as key disclosure law
In fact, many countries provide their officers with a legal grounds for forcing you to divulge your encryption keys to any encrypted information they've recovered during a warranted search.
Again, unlike ordinary password managers, Master Password might have an edge here. If you make no use of stored passwords, Master Password doesn't actually encrypt anything with your master password. That means, when your devices are seized, these legal grounds may no longer apply. Note however that this does not constitute legal advice and that this theory has never been tested in practice.
For your safety, we recommend that in preparation of travelling, you change the master password for your user on the device. That way, if your device is seized by a foreign entity and they force you to divulge your master password, you'll likely be fully compliant by simply giving up the new master password even though it will cause the app to generate invalid passwords for all your sites. Later, you can always change the master password back to the real one.
Time to crack a master password :
9174 50 minutes
v9ea30 560 years
correct horse battery staple > age of the universe
I once had a red ball > age of the universe
A master password does not need to be difficult to remember, such as Togu3]ToxiBuzb.
To use the platform-independant java Master Password, download it from here :
https://github.com/Lyndir/MasterPassword/, clicking on Desktop link, and save file in your download folder. Then open folder and a terminal :
java -jar masterpasswordgui.jar.
But before you can use Master Password, you need to build its components. To that end, you need openjdk-8-jdk. Download it from PPA or with APT (#apt install openjdk-8-jdk).
Once this is done, go to your master password folder, downloaded from git, and open gradle folder. In terminal : ./gradlew build
It takes about 10 minutes to build.
Now you are ready to use Master Password, and make the most of its unique features.
It should not be long before this application is part of Debian/Ubuntu repositories. It is sooooooooooo much better than other password managers.
Further reading :
A secure password generator : Packetizer
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
Powered by phpBB © 2001, 2005 phpBB Group