SHIT, why haven't I found Keepass earlier? If you don't know what it is check it out, you will not regret it
>>51293510
>Just collect all your passwords to one place
rrrrrrrrrrrrrrreeeeeeeeeetaaaaaaaaaaaaaaard
Been using it for years.
Sure beats reusing passwords like a moron or writing them down like a turbo retard.
>>51293537
I was a moron and a turbo retard like that till an hour ago, shit I was blind and now I see
Is there anything wrong with generating passwords deterministically? You get to use different passwords for every site by only memorizing one master password and you don't need to keep a password list safe because you just generate the passwords again whenever you need them.
>>51293683
>you don't need to keep a password list safe
What do you mean by this?
>>51293683
I'm going to steal this idea, provided it's original.
Might make a fun project if I can find enough time for it
>>51293683
What you're talking about is a salt. Or rather, a function that depends on where the password is used.
What you're doing is simply basic encoding. It beats computerised methods simply because the computer generally can't compensate for it without human intervention.
Generally your method is fine so long as the function is not easily detectable (like simply just adding the name of the site to the password, you need to have more steps)
I only memorize one single algorithm which generate by itself a completely different password depending of what service I use.
>>51293683
What is the difference to generate a new password for every site (you don't even have to look at the new password, Keepass does the job)
>>51293811
So with stuff like keepass, you store a password list which is encrypted by your master password. You need to keep that list safe because if you lose it, you lose all your passwords.
If you generate passwords deterministically, (eg. hash of domain name + master password), you don't need to keep any password list because you can just generate the password again using the same master password.
>>51293851
It's been done plenty times before. https://pwdhash.com/ is the example that gets commonly brought up. Still a fun project though.
>>51293893
Why would I need to have an app if I can do it myself faster?
>>51293683
In theory it's a good idea, only problems are:
1. sites with idiotic password requirements
2. sites requiring periodic change of password and disallowing reusing previous ones.
>>51293898
>So with stuff like keepass, you store a password list which is encrypted by your master password. You need to keep that list safe because if you lose it, you lose all your passwords.
>
>If you generate passwords deterministically, (eg. hash of domain name + master password), you don't need to keep any password list because you can just generate the password again using the same master password.
That's not very good, the first thing I would do if I had a user-pass list is to add e.g. for what.cd wcd<pass>, whatcd<pass>, etc, can be easily be compromised.
>>51293909
Safer, easier (I tried now KeeFox, passwords are automatically in password fields lol)
>>51293898
>You need to keep that list safe because if you lose it, you lose all your passwords.
Which is really easy because it is simply a computer file.
Copy it on multiple storage devices, hell, upload it on cloud storage. It's an encrypted archive. AES-256 is unbreakable with current and future technology. Well, probably unbreakable with future technology. Assuming that quantum computers don't take off
>>51293926
Well you can do it poorly like the example you mention or you can do it like a man
Nevertheless if you wanna rely on a centralized third party service for your passes you obviously don't care much really, but don't worry, it's your right
>>51293968
>centralized third party service
You confuse Keepass, a program which stores your passes on a single file which you can manage however you want (usb sticks, cloud, optical media, you name it) and unlock it with a password and/or a key file (which also you manage as you want)
with Lastpass.
>>51293926
I'm not sure what you mean, but here's a couple of passwords generated from the function I use:
9gag.com: 9965ZmhhXUG0rLZ2yBxu8nOeqPeXGyM
reddit.com: 2Ln012hcH8KwMHc0ch5k9svk4E43Jwj
Is it possible to determine the master password from these?
>>51294019
But you need a program to remember/generate these password to enter them right?
Keepass has been out for like 100 years bro.
>>51294041
Yes. The program is basically: bcrypt the master password using the md5 hash of the site name as the salt.
>>51293510
yep, its great.. but why do mapc versions have better looking icons for every fucking software??
>>51294091
In that of having the need of a program, it's more safe to use Keepass with completely random passwords with symbols and anything you can imagine, than a homemade similar method
>>51294122
I agree that using completely random passwords is safer. I'm just concerned about what happens when I lose my password list.
>>51294171
It's a small kdbx file, you can copy it to hundreds of places (and not worry about security, it's strongly encrypted), you must be very very unlucky to lose it
>>51294106
because only macfags put aesthetics before usability
Using Keepass for years
But what /g/ thoughts on Encryptr ?
i remember all my passwords desu (50-60) but i use keepass bc i once forgot all of them being dead for 14 minutes. man, what fun it was to try remembering all of them..
>>51293898
>(eg. hash of domain name + master password)
might be a valid approach, but if an attacker gets access to just one of your passwords then he probably can generate them all. that is, if your account data is interesting enough and worth the trouble
>>51294211
Maybe I am being a little overly paranoid. A few questions about keepass then:
Is the kdbx file format documented anywhere or am I going to have to read the source code?
On GNU/Linux, Keepass2 or KeepassX?
>>51294405
Don't like the website. Stupid trendy design with buzzwords and apple-style copy.
Initial impressions:
1. It's GPL. Very good first impression.
2. Looks like it's trustworthy enough. But the whole cloud gimmick I never like.
3. I really hate the website.
In short; probably works fine but it looks stupid. It has the 'stupid preppy startup guys' impression rather than the 'cryptographically secure autists' impression.
Non-local storage isn't something you want for security anyway.
>>51294456
Well the file format is the result of an AES-256 encryption. You'd have to have software that decrypts it before you even start to write software that accesses the database.
I figure unencrypted it's just a rather simple database.
Try the keepass documentation.
I recommend keepassX. although it doesn't matter
>>51294456
I'm using classic KeePass for Windows.
It's GNUv2
http://keepass.info/help/v2/license.html
source code (end of page)
http://keepass.info/download.html
From what I see
https://www.keepassx.org/
KeePassX is the unixoid equivalent
Does anyone know any reliable hardware solutions? Like a USB stick that keeps your keys in inaccessible memory and gives them out after you authenticate yourself. I know there are sticks that keep your private RSA (or other algorithm) keys and do the encrypting/decrypting/signing inside without letting the computer see these keys, but they are obviously for asymmetric encryption only.
It's OKAY. There aren't many other open source alternatives to it. I just wish the 2nd version wasn't written in C#. In order to run it on Linux, you have to use Mono, which I don't find much different than running it within Wine.
I use this one, personally: http://www.passwordstore.org/
>not being able to simply remember passwords
do you retards have notes in the bathroom to remind you to brush your teeth and wipe your ass too?
>>51294585
Oh look at the Einstein here who can remember 10 (at least) entirely different passwords
>>51294593
fucking easy kid. set secure passwords that are relevant to the account using mnemonics.
>>51294619
>mnemonics
Elaborate please, maybe you are the chosen one to know the solution
>>51294497
Well built into keypass is the notion of a 'key file'. Something you can put on a USB stick and use it to authenticate access to your password database.
>>51294629
choose a memorable phrase that applies to the account, then abbreviate it with a combination of normal and special characters. e.g. "zuckerberg, king of the jews" would be used to create a facebook password P@$sZk0+Jud€n. to make it even easier, keep the same tag P@$s and add your memorable phrase to the end, beginning, or interspersed.
>>51294703
OK, that's a common site you visit everyday, what about all the forums, sites that need registration, are you going to use the same password for all or different for all, having to write down that passwords? That's when keepass comes to play.
>>51294725
If you can recite the entire lyrics to any song, which I'm sure you can, you could remember at least 30 different phrases to associate with accounts. It's just about making memorable connections in the brain.
>>51294725
>>51294762
Another factor in all of this is that the weak point of passwords is more often the server end rather than the user end. Are hackers going to target you personally for one password, or a huge corp for millions? With this in mind a secure password will only go so far.
>>51294762
Why should I try to remember all of that when I can have hundreds of entirely difficult, very hard passwords with letters, numbers, symbols by remembering only 1 password? And in addition to that, on my desktop (and soon on mobile too) the usernames-passwords are automatically on the fields.
>>51294800
>hackers going to target you personally for one password.
NSA and British intelligence industries have programs to detect unique passwords for person and single you out
and they most likely already got your password
>>51294814
>Why should I
See, this is what it boils down to. You can't be assed to actually use your brain.
>>51294848
Today we have more important things to do with our brains than try to remembering passwords, phone numbers and other stuff like that, there is contacts book for the one and now a hugely more secure way with keepass for the other
>>51294886
You're just lazy. Once you've trained yourself to use mnemonics to remember things, it becomes second nature and you don't even need to engage your brain. Just try it with other things and you'll see... unless you're just too busy with other things (like posting on /g/)
>>51294914
I actually have a very good history knowledge and sports history knowledge, I always hate though this kind of things to remember
I tried memenomics for 3 years and it iddn't help me remember at all all it did was make me just more confused and lost with memory
>>51294950
For ages, I had a plain text file with my passwords on a floppy disk, later thumbdrives. Now for the last couple years I keep them in a little physical notebook because I estimate the chances to get mugged by hackers irl pretty low.
>>51293898
back it up like any of your other important files.
>>51295027
yeah paper is pretty fucking sceure these days
>>51293510
Keepass is fucking based.
