
Re: Great information

Posted: Wed 19 Sep 2012, 17:23
by RetroTechGuy
Wognath wrote: Thanks to all of you. This topic was an interesting and entertaining read!!

I'd like to put in a plug here for truecrypt. http://www.truecrypt.org
I keep my tax files etc. in a truecrypt archive. [edit: it's a netbook and I travel with it. ]

My password list is also in there, but I'm definitely going to convert the more important passwords (bank, newegg, etc.) over to that elegant MD5 method.
Wognath

edit: Most of my sites of interest have a max of 12-16 characters in the password. Several require at least 1 character other than a number or letter. :(
Truecrypt under Puppy:
http://murga-linux.com/puppy/viewtopic.php?t=60062

how to increase the security!

Posted: Fri 21 Sep 2012, 03:48
by shoutcrown
hi!
thanks!
I appreciate more information about security...
bye!!!

Figaro's password manager

Posted: Fri 21 Sep 2012, 19:21
by Wognath
Hello again,
Is there a reason why people seem to recommend Keepass, Gorilla etc. but not FPM2 (included with recent puppies)? Is there something wrong with FPM2 that I should know about?? Thanks
Wognath

Posted: Sun 23 Sep 2012, 17:24
by puppy_apprentice
There is no problem with FPM2, I think. It uses a good encryption algorithm (AES). Some could prefer e.g. Gorilla or Keepass because those apps are multiplatform (or they were using them on Windows, so it is easier to use something on Linux that they know).

Posted: Wed 26 Sep 2012, 17:40
by Wognath
Thanks, puppy_apprentice. I finally have FPM2 working the way I want, so you gave me the answer I wanted! And thanks for the grc link above (page 1)--interesting stuff.

Posted: Thu 27 Sep 2012, 00:32
by 01micko
Barkin wrote: Just remembered Puppy can calculate MD5 via console (aka terminal) ... http://puppylinux.org/wikka/md5sum

http://www.puppylinuxfaq.org/how-to/20-linux-tips/44-copy-and-paste-to-terminal.html
Just two points I'd like to make here:

1. There is the chance of error when you put your text into a file and run md5sum. There can be no whitespace on the end of the string or carriage returns. If you produce it using "echo" you must use /bin/echo, that is, echo -n.

2. If you store that file then there isn't much point! An attacker could easily get hold of the file.
You can run md5sum from stdin like so:

# echo -n '5&kr&t'|md5sum
5622165cab4eb0217daa09f574bd3c3d  -

Posted: Thu 27 Sep 2012, 08:22
by Barkin
01micko wrote: 2. If you store that file then there isn't much point! An attacker could easily get hold of the file.
You can run md5sum from stdin like so:

# echo -n '5&kr&t'|md5sum
5622165cab4eb0217daa09f574bd3c3d  -
That was just to show the MD5 calculators were in agreement, I did say not to write down the salt 5&kr&t ...
Barkin wrote: ... the real passwords are MD5s of those words in quotes plus a secret string of characters I have committed to memory and never write down, e.g. 5&kr&t
It's the only thing you have to memorize to have an unlimited number of secure passwords.
BTW I use something longer than 5&kr&t as a salt: I use a 15-character string not in the dictionary.

So even if someone knows my list of dummy passwords and the method I've used they will still have to do a brute force attack on a 15 character unknown which could take some time ...
It would take a desktop PC about 157 billion years to crack your [15 character] password
http://howsecureismypassword.net/
Time Required to Exhaustively Search this [15 character] Password's Space:
Online Attack Scenario:
(Assuming one thousand guesses per second) 1.49 hundred thousand trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 1.49 billion centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 1.49 million centuries
Note that typical attacks will be online password guessing
limited to, at most, a few hundred guesses per second.
https://www.grc.com/haystack.htm

The above times do not include the additional time taken to calculate the MD5 for each guess: MD5 (DummyPassword+BruteForceGuess).
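
An added shell example (not written by any poster in this thread) covering the trailing-whitespace pitfall 01micko describes and the MD5(dummy word + memorized string) scheme Barkin describes: it hashes exact bytes with printf and reads the memorized string from stdin, so it is neither stored in a file nor typed on the command line. The function names, the word-then-secret concatenation order and the sample strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Sample strings are constructed.

# md5_exact: MD5 of the arguments concatenated byte for byte.
# printf '%s' never appends a newline, so nothing extra is hashed.
md5_exact() {
    printf '%s' "$@" | md5sum | cut -d' ' -f1
}

# derive WORD: read the memorized string from the first line of stdin,
# drop a trailing CR (Windows line ending) if present, then hash
# WORD followed by that string. Order is an assumption (see lead-in).
derive() {
    word=$1
    salt=
    # read strips the LF; "|| :" accepts a last line with no newline
    IFS= read -r salt || :
    cr=$(printf '\r')
    salt=${salt%"$cr"}
    md5_exact "$word" "$salt"
}

# Demonstration on constructed input: the same visible text gives a
# different digest as soon as a newline is hashed along with it.
echo "exact bytes (printf) : $(md5_exact hello)"
echo "newline included     : $(echo hello | md5sum | cut -d' ' -f1)"
echo "CRLF input normalized: $(printf 'lo\r\n' | derive hel)"
```

When typing the memorized string interactively, run `stty -echo` before calling `derive` and `stty echo` afterwards so it is not displayed on screen.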