(old)Puppy Linux Discussion Forum

shoutcrown wrote:Sylvander, like the others guys I prefer to use Linux rather than Windows because of more security...

Same here.
The reasons I'm continuing to use this Windws portable program is:
(a) I used it for years prior to the point in time at which I discovered Puppy Linux.

(b) It's easy to just continue to use it.

(c) It's a REALLY GOOD program.
Does its job wonderfully well.

shoutcrown wrote:What do is the meaning of budding tin hats?

"tin foil hat" is a joke name for people who are overly concerned with security and incorrectly believe they are under observation ... https://en.wikipedia.org/wiki/Tinfoil_hat

shoutcrown wrote:... Where can I get MD5 password generator?

My Puppy 525 comes with "GtkHash" (see "utility", "general utilities") which calculates MD5 and SHA1 of strings of characters (i.e. "text"), or files.

There are MD5 calculators which can run in your browser (via javascript), e.g. ... http://pajhome.org.uk/crypt/md5/

And there are online MD5 calculators ... http://hash.online-convert.com/md5-generator but "online" means your passwords will be transmitted unencrypted over the internet

Sylvander wrote:1. For years now...
I've held ALL of my MANY sets of info [includes username, password, security info, URL's, etc]...
In my "Acersose Password Vault" [APV].

I've been using Password Gorilla to store my passwords...

Barkin MD5 seems to be a good password generator...

u can use MD5 as a password generator, but MD5 is used widely to encrypt user logins and passwords eg. on online services (and yes it could be decrypted, so it is better to use other hashing methods)

u write in fields eg. login: user, password: qL2a9.! and before they will be stored in site database they will be encrypted via MD5, if u will login to site and write your login and password (the same like above), data again will be encrypted and compared with encrypted data from database

for storing password in linux i'm using those:
GPassword Manager http://sourceforge.net/projects/gpasswordman/
Password Dragon http://www.passworddragon.com/
LastPass https://lastpass.com/

puppy_apprentice wrote:

Barkin MD5 seems to be a good password generator...

u can use MD5 as a password generator, but MD5 is used widely to encrypt user logins and passwords eg. on online services (and yes it could be decrypted, so it is better to use other hashing methods)

Why?

The MD5, as used, is the "text password", which is then MD5 hashed once again for the password server. Such a "random" string would typically be more secure than "ESAD" or "Password" or any of the simple memorable passwords people use.

And while it may not be perfect, it is very likely to NOT be the weakest link...

Why Cryptography Is Harder Than It Looks, By Bruce Schneier

http://www.schneier.com/essay-037.html

Choosing Secure Passwords, By Bruce Schneier

http://www.schneier.com/blog/archives/2 ... ecure.html

Why?

The MD5, as used, is the "text password", which is then MD5 hashed once again for the password server. Such a "random" string would typically be more secure than "ESAD" or "Password" or any of the simple memorable passwords people use.

yep i agree please read my example:

password: qL2a9.!

in the field password user has to write qL2a9.! or Z!$d.4F0£XXXXX where X is randow character/digit/symbol or any random chain and ofcourse it don't have to start with Z!$d.4F0£ it is only example like looks my passwords, i try to use in my passwords digits/chars/numbers

u use md5 to get your randow passwords (from your string + salt) i use my fingers to produce my random passwords and check them on GRC.COM site if they are "strong enough":



,but as i said i store passwords in my site encrypted using methods available in PHP, so again i write in my site Z!$d.4F0£XXXXX as a password to login, my script is adding salt to this password andwhole chain is hashed via MD5 or SHA1 or another and stored in mysql database in my site

and i store all my random passwords in apps mentioned in earlier post, they have options to generate strong passwords, and encrypt them in AES, Blowfish etc.

i think that we speak about the same, but this methode is used to store passwords on internet sities (i add to your info some more info)

hi guys!

Sylvander, that's right!. Windows and his programs may be more easy to use so many people doesn't want to use other OS. Also everybody is free to choose which OS and programs to use.

Barkin, that's funny..., (i guess i am buddy tin hat or tin foil hat... I don't care!). You know?, I had Lucid 528, but there is no drivers for TP-LINK TL-WN722N to install on Lucid (there is those drivers only for Slacko 531). So I am using right now Slacko Puppy Linux 531. I mean Slacko doesn't have GTKhash. Like you say if I use MD5 in the browser then anybody can see my passwords... That wouldn't be a good idea.

RetroTechGuy, thanks

[puppy_apprentice]MD5 is used widely to encrypt user logins and passwords eg. on online services (and yes it could be decrypted, so it is better to use other hashing methods) [/puppy_apprentice]

puppy_apprentice and RetroTechGuy, ok, so using MD5 perhaps is a risk... (there is nothing perfect, isn't?).

The security is a deep issue, and there is nothing perfect, isn't?. Like sickgut say:

http://www.murga-linux.com/puppy/viewtopic.php?t=77746

[sickgut]if someone wants to hack you they will, no matter what security you have in place. Most govenments in the world dont actually let a product hit the shelves unless is can be backdoored or there is govenment approved backdoor in it, this is how they fight cyber crime[/sickgut]

Maybe finally i will keep writing by myself my passwords and changing them usually

Thanks a lot! bye

shoutcrown wrote: Like you say if I use MD5 in the browser then anybody can see my passwords... That wouldn't be a good idea.

Online and in-browser are different. Online transmits data over the internet, in-browser doesn’t. Attached is a zip file “arcane MD5

hi Barkin!

Je, je!!!. There was a confusion!

[quote]Barkin:
Online and in-browser are different. Online transmits data over the internet, in-browser doesn’t. Attached is a zip file “arcane MD5

shoutcrown wrote: puppy_apprentice and RetroTechGuy, ok, so using MD5 perhaps is a risk... (there is nothing perfect, isn't?).

Huh? I think that I said just the opposite. I see nothing wrong with using an MD5 hash for the password.

Your best defense is a password that isn't dictionary testable...that reduces the attack to brute force, which pretty well ends the attack. (and I doubt that your MD5 will be in the dictionary).

shoutcrown wrote: ... Now I can test how to create automatic passwords. It's very useful, but I shouldn't use any known word, just some other characters sequence, right?.

My point was to use the MD5 calculator for computer passwords, e.g.

Barkin’s list of online account “passwords

Just remembered Puppy can calculate MD5 via console (aka terminal) ... http://puppylinux.org/wikka/md5sum

http://www.puppylinuxfaq.org/how-to/20-linux-tips/44-copy-and-paste-to-terminal.html

Does this affect the vulnerability that I read about yesterday?
I try to find links this one and another that I don't find now

http://blogs.computerworld.com/19518/br ... vulnerable
this maybe
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

only four pin security despite having 8 pin. They only need to brute force
the first 4 pin and then they know the rest? Too easy is it not?

nooby wrote:Does this affect the vulnerability that I read about yesterday?

http://blogs.computerworld.com/19518/br ... vulnerable
this maybe
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

That's a new flaw, the eight digit pin is different from the Wi-Fi key.
My (old?) router doesn't have one of those PIN things: any device which connects to my router via wifi requires the WPA2 wi-fi key, (16 character alphanumeric passphase).

Hi barkin!

A long time ago I had to learn many long email passwords (what a waste of time!)

Thanks a lot!

we don't understand each other, but nevermind

i didn't said that prepare paswords using MD5 or wathever is bad methode, i only give u example of my methode to store passwords, again:

i understand that using for eg. facebook: facebook+salt (where salt is secret word/char chain knwown only for u, stored in your head), is easy to remember (facebook describe online service an salt is used to make a "variation" of word facbook, so if cracker will use dictionary where he has word facbook and he will make hash of this word he don't find your pasword because your hashed password is not facebok but facebook+salt)

and it is ok, but i use some forums, some other sites and i have on everyone another nick name (eg. here is puppy_apprentice on another i have another nicknames) so as i have small head and can' remember all mu logins and passwords i'm using programs called password managers

in every password manager u have to first create your passwords database, create for this database master password, and add entries for all your password, whole database will be stored on hd and encrypted with Blowfish or AES etc., to retrieve your password u have to only remember your main password for your passwords database

eg. for Password Dragon (it is Java tool so works everywhere, whre Java is installed):

everytime when u want to open your password database u have to write your master password (it will be stored inside your passwords database and encrypted with Blowfish alghorithm so is safe)


my database (it is only example):


Password Dragon has password generator which i use to generate passwords for my accounts if i'm bored to invent my very own combination (you use MD5 for this, ok):

Hi puppy_apprentice!

OK!. Database seems to be very useful. Thanks

Barkin wrote:

shoutcrown wrote: ... Now I can test how to create automatic passwords. It's very useful, but I shouldn't use any known word, just some other characters sequence, right?.

My point was to use the MD5 calculator for computer passwords, e.g.

I think that this is a clever idea. Good passwords, without the pain of generating and then remembering them.

Then a decent password safe can store a number of different passwords. I started using Password Safe, and under Puppy migrated to Password Gorilla (compatible with the Safe archive):

http://www.schneier.com/passsafe.html

http://www.schneier.com/blog/archives/2 ... asswo.html

http://passwordsafe.sourceforge.net/

https://github.com/zdia/gorilla/wiki/

I use the Tcl/Tk version under Puppy.

hi RetroTechGuy!

thanks!

Thanks to all of you. This topic was an interesting and entertaining read!!

I'd like to put in a plug here for truecrypt. http://www.truecrypt.org
I keep my tax files etc. in a truecrypt archive. [edit: it's a netbook and I travel with it. ]

My password list is also in there, but I'm definitely going to convert the more important passwords (bank, newegg, etc.) over to that elegant MD5 method.
Wognath

edit: Most of my sites of interest have max of 12-16 characters in password, Several require at least 1 character other than number or letter.