Will converting my password to sha512 before using it make it

You are currently reading a thread in /g/ - Technology

Thread replies: 65
Thread images: 2
Will converting my password to sha512 before using it make it more secure?
>>
>>52158972
wat
>>
>>52159075
I mean, say I'm signing up for gaymeninhats.com and it wants a password, instead of putting

>password1

I put

>bc547750b92797f955b36112cc9bdd5cddf7d0862151d03a167ada8995aa24a9ad24610b36a68bc02da24141ee51670aea13ed6469099a4453f335cb239db5da

which is the SHA512 hash of "password1". Is that more secure?
>>
I used to do this.
>>
>SHA

Not:

>CAESAR>ROT>SHA

normie and gay
>>
Is there a password manager that supports this?
>>
Well, yeah. It will.
But if lots of people use sha512, then it'll become worthwhile for crackers to sha512 their lists too.

It's security by obscurity that is improving your passwords, because of how password cracking really works.
>>
>>52159224
Why did you stop?
>>
>>52159250
Yeah, but it also requires more effort from crackers, 'cause they have to check for both "password1" and for the hash of password1. The good thing is that you can make various combinations of different hashes, which makes it even harder for crackers to crack it.
>>
>>52159187
i doubt any "normal" site would allow any password longer than 30 chars
>>
>>52159238
ain't that the same thing?
>>
>>52159250
sec. by obsc.

what most plebs do not understand, and what NSA can't beat, is the human factor.

by having various tools available, and with clever use of human fantasy - something NSA botnet do not have, the zionist hivemind can, and will be, defeated.
>>
>>52159238
This, nothing beats double ROT13.
>>
What's the point of this? Any website worth its salt (pun intended) hashes your passwords anyway. If you are a company storing passwords as cleartext you have more problems than hackers
>>
>>52159264
It was too much effort. I was using unique passwords anyways so...
>>
>>52159278
I think every sane site would set high or no limit since your pass is stored as hash anyway
>>
>>52158972
what happens when your password gets hashed again when it's stored by the site?
>>
>>52158972

It will allow you to hit the max character limit for passwords most of the time, which will dissuade crackers. The reason being, it's easier to go after people with passwords like "monkey1" or "password1234" rather than a random string of letters.

That being said, if more people do this then it would be trivial to simply add the hash of "password1" to their list. Even though you have a longer string, crackers could easily just convert the most widely used passwords into their respective sha256 or sha512 strings and then we're at the same place where we started.
>>
>>52159187
>Your password must contain at least one capital letter, one special character, a gang sign, a racial slur and the blood of a virgin.
Said every signup form ever
>>
>>52159372
What about

>monkey -> sha512 -> sha512 -> sha512 -> sha512 -> sha512 -> sha512 -> sha512 -> sha512 -> sha512 -> sha512 -> sha512 -> sha512 -> sha512 -> sha512 -> sha512

?

Would a cracker do it that many times?
>>
>>52159372
why is there a limit on password length?
>>
>>52159406
They'd have to double the amount of attempts for each time you hash it. If you don't let anyone know your hashing sequence you're fine. You could do any mix of md5, sha512, sha256 etc in different orders and lengths.
>>
>>52159372
>>52159387
This. Using a password manager is pretty much the only choice if you want secure and unique passwords.
>>
>>52159406
You could randomize the amount of times you hash it, so every website would technically have a different password with the same origin password. You would just need to track how many times you hash it :D
>>
>>52159406

No, that is extremely unlikely. You could just do "password1" > sha512 > sha512. Again, as of right now you're safe with just converting to sha512, and to be honest I don't ever see the general public doing this, so you should be safe.

Just remember that crackers will always go for the lowest hanging fruit.
>>
>>52159406
Please look up pbkdf2
>>
Why are you all so worried about getting hacked?

Am I having conversations with elite political figures, or are you all just paranoid as all fuck?
>>
>>52159423

I guess for space? I'm not too sure, but major sites generally have limits to password lengths (around 16 characters or so).
>>
>>52159450
Holy shit that's an awesome idea. So I could literally just remember "password3" and it means "password hashed 3 times". So all I really have to remember is a number, and say like for 4chan I would pick password4 obviously. Can anyone write a Windows GUI program to do this?
>>
Just use 20 times "1" as a password, I doubt any hacker will start bruteforcing with 20 characters.
>>
>>52159500

It depends on how common a password like that is. Passwords like "aaaaaaaaaaaaaaa..." are cracked easily because people use them often thinking it's secure. Crackers aren't bruteforcing many times, they're using dictionary lists of common passwords.
>>
The government has access to all your shit anyway, and that's honestly what you, the average joe, have to worry about when it comes to getting hacked. Doing all this shit to your password is absolutely pointless.

If you want a good password, pick meaningless words.
>>
Wait what about
facebook password
>facebook
>koobecaf
>base64

Easy to remember and secure, you could even add ROT if you wanted
>>
>>52159529
Actually it's better to just look for password dictionaries, combine them all into one file, and search if your password idea is in them.
>>
>>52159555

Even better, don't use passwords, use passphrases.

For example, "ThisIsMyFBpassword//" is a decently secure password compared to "password1234".

For amazon you could use "ThisIsMyAMAZONpassword//"

>>52159573

This is a good idea as well.
>>
>>52159187
No, it only makes it harder for the attacker to know what your original password was if the database was leaked.

Which also should be done by the provider automatically anyway, but some providers seem to not care at all and store them plaintext.

Also if this ever became 'popular' an attacker would just try both the normal and sha512 version and add both to his rainbow table.

>>52159406
A waste of time

>>52159406
As others mentioned this is just a small scale pbkdf2, which should be done by the service provider you are accessing when they store your password for verification later on, or at least some other 'crypto' password storage method.
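
Added example (not written by any poster in this thread): a Python sketch of the two points made above. A hex digest of a common password is still a dictionary entry once the transform is known, and salted PBKDF2 on the provider's side is what actually slows guessing. The wordlist, iteration count and function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Constructed sample list; a real check would load a large leaked-password wordlist.
COMMON_PASSWORDS = ["123456", "password", "password1", "monkey1", "qwerty"]
ITERATIONS = 210_000  # assumed PBKDF2 work factor for this example


def hashed_variants(word, max_rounds=3):
    """Yield hex digests of `word` after 1..max_rounds rounds of one hash function."""
    for algo in ("md5", "sha256", "sha512"):
        value = word
        for _ in range(max_rounds):
            value = hashlib.new(algo, value.encode()).hexdigest()
            yield value


def is_disguised_common_password(candidate):
    """True if candidate is a listed password or a repeated hash of one."""
    lowered = candidate.lower()  # hex digests may be typed in upper case
    return any(
        candidate == word or lowered in hashed_variants(word)
        for word in COMMON_PASSWORDS
    )


def hash_for_storage(password, salt=None):
    """Provider side: salted PBKDF2-HMAC-SHA512; returns (salt, derived_key)."""
    if salt is None:
        salt = os.urandom(16)  # random per-user salt defeats precomputed tables
    key = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return salt, key


def verify(password, salt, stored_key):
    """Recompute the key with the stored salt and compare in constant time."""
    _, key = hash_for_storage(password, salt)
    return hmac.compare_digest(key, stored_key)


if __name__ == "__main__":
    client_side = hashlib.sha512(b"password1").hexdigest()
    print("hashed common password rejected:", is_disguised_common_password(client_side))
    salt, key = hash_for_storage(client_side)
    print("stored key verifies:", verify(client_side, salt, key))
```

A signup form could run the first check next to its ordinary wordlist lookup; it only covers repeated rounds of a single hash function, not mixed chains.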
>>
>>52159648
you could also have set patterns i.e replace all "a"s with 4
>>
>>52159681

The issue with this is that l33tsp34k is well known by now, and the tricks of replacing 'o's with zeros and 'a's with 4s are quite popular. You're better off using a passphrase (see my post above yours) instead of random letters. It's not that hard to remember a sentence, and you would be less likely to forget it if you use a certain pattern when making your sentences.
>>
>>52159648
All of my passwords are common-lisp code snippets.

Extremely easy to memorize and highly 'secure'
>>
I thought double hashing, or any nth hashing is insecure?
>>
>>52159844
No, see PBKDF2. This is common stuff for people who store passwords.
>>
>>52159347
My bank only allows 8 to 24 characters and requires 1 capital letter, 1 lowercase and 1 number. Shit really pisses me off because my passwords are generally 50+ characters and may or may not contain numbers.
>>
>>52159873
>mfw i can't understand math
thanks for the info anon-sempai.
>>
>>52159335
Kek. Underrated
>>
>>52158972
just use KeePass 2's generator
>>
>>52159494
i'll do the logo
>>
>>52160344

I can do a quick bash script

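#!/bin/bash
# Pseudocode: "sha512" and "algorithm" are placeholders for real hashing commands.

read -r -p "Input your password: " password

SHA512_PASS=$(sha512 "$password")
EXAMPLE_PASS=$(algorithm "$SHA512_PASS")
PASSWORD=$(algorithm "$EXAMPLE_PASS")

# Double quotes so that $PASSWORD is expanded; single quotes would print it literally.
echo "Your password is: $PASSWORD"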


This is just a really quick way of accomplishing it.
>>
>>52160394

whoops, I just realized you could use pipes instead of creating new variables each time. Oh well, you get the idea.
>>
>>52159335
kek
>>
>>52160394
I only just started using linux on my laptop
to use this I just save it as .sh chmod +x it then run it in terminal, then will it prompt me in the terminal window?
>>
>>52160344
lyl
>>
>>52160514
>to use this I just save it as .sh chmod +x it then run it in terminal

Yes, but you don't have to save it as '.sh'. It doesn't matter. Remember to replace the 'algorithm' parts with an actual hashing algorithm (e.g. sha256, sha512, etc.) so it works.

Also, while my script will not harm your system, you should be careful in the future about saving scripts from the internet, especially on /g/.
>>
AsparagusOnionsDieselJetFartPlaneEuropePlanet

This is the format my password is in and I've had it for 15 years.
>>
>>52159372
>same place

It is not the same place, you have doubled their overhead
>>
>>52160666

True, but you're still delaying the inevitable.
>>
>>52160560
thanks for the tip/help
>>
>>52160712

No problem. This was an actually good thread and I enjoyed being part of it.
>>
>>52160514
That looks like pseudocode.
sha512 and algorithm do not exist as commands and it's also shit because read and echo will put your password on screen.
Here take this:
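#!/bin/bash
# Read the password without echoing it to the terminal.
read -rsp "Enter your password: " password
echo
# The iteration count is the last run of digits in the password.
number=$(echo "$password" | grep -o '[0-9]*' | tail -n 1)
if [ -z "$number" ]; then
    echo "That password did not contain a number."
    exit 1
fi
echo "Iterating $number times"
passhash="$password"
# echo appends a newline, so each round hashes the value plus "\n".
for i in $(seq "$number"); do
    passhash=$(echo "$passhash" | sha512sum - | awk '{print $1}')
done
# Put the result in the X selection instead of printing it.
echo -n "$passhash" | xclip -i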

You have to install
# apt-get install xclip
on Deb "Buttfucked by a sheboon" Ian.
>>
>>52160908
>It's also shit because read and echo will put your password on screen
>doesn't clear clipboard after 20 seconds
shiggy
>>
>>52160996
#!/bin/bash
while true; do
xclip -i < /dev/null
sleep 20
done

$ ./clearclip &


happy now?
>>
>>52161104
>two different files
>It will clear everything from clipboard every 20 seconds even important documents
>accidentally copied something with .0001 seconds left
shiggy
>>
>>52161151
>he doesn't clear his clipboard to stop FBI from reading it
>he doesn't set a conky gauge to tell him how much time before the next purge
ayyy
>>
>>52159450
huh, yeah, that could be interesting. Like hash the website domain and take the last one or two digits and hash a common password that number of times. I like it.
>>
>>52159756
What do you do for sites that require a capital? Or are you one of those CL people that caps everything? And in that case what about the reverse scenario.
>>
>>52159875
Why do people do this?
It's not like a 900-char password takes up more diskspace than a 8-char password.
I would limit you to 8Kb and also allow you to use files as password by hashing it on client side and using that hash as password input