[QUOTE=J!NX;47490678]it's why I love keepass[/QUOTE]
Until someone gets your master password.
[QUOTE=itisjuly;47490709]Until someone gets your master password.[/QUOTE]
that's why you use a really long master password, don't put in your account names into it (Aka only use the site name, and not account name, so they won't know what accounts you are on), and use a passkey file
you can also lock it so that only your windows user account can use it, which means they need my long ass master password, my key file, and my user account. So even if they had my master password, I'm fine
besides, I have extremely long passwords because of keepass, which is great
[editline]9th April 2015[/editline]
in fact, if you can crack this file, you can have everything in it
[url]https://drive.google.com/file/d/0B_gMG1oTusb_OWF3cDFpVjZ6dGc/view?usp=sharing[/url]
the password is 15d65499-6920-4dc0-9dec-37c97e4a8093
have fun
[sp]admiralaonzoghostpenis420yolo[/sp] Level me up hackers v:v:v
[QUOTE=J!NX;47490716]that's why you use a really long master password, don't put in your account names into it (Aka only use the site name, and not account name, so they won't know what accounts you are on), and use a passkey file
you can also lock it so that only your windows user account can use it, which means they need my long ass master password, my key file, and my user account. So even if they had my master password, I'm fine
besides, I have extremely long passwords because of keepass, which is great
[editline]9th April 2015[/editline]
in fact, if you can crack this file, you can have everything in it
[url]https://drive.google.com/file/d/0B_gMG1oTusb_LVhoWXJQUVI0VWc/view?usp=sharing[/url]
the password is 15d65499-6920-4dc0-9dec-37c97e4a8093
have fun[/QUOTE]
well someone's feeling confident
[QUOTE=Fausty;47490847]well someone's feeling confident[/QUOTE]
it's not like it has anything in it anyways
I'm not THAT dumb :v:
[sp]garry_can_chokeona_12"rustdick[/sp]
I don't believe it, but it's the passwords that you don't define or believe are the ones you would use, not just a phrase.
[code]ééRïüv[NÆ/¨½áØ¥ºùÚÿ£OÄ×ÌйÄì9EßUcqXZõôÔ¥%â夤Ýhç;½a-ÖùóÖ2jÚÄ¿Gï³¶êà"}X)gô¯îna¨Ù·È§NB}ØÕª£óïZ&[ÈDS½õ¯Tx÷v~lmûSn%¿b»Ç¸Íúul'SæB/aaØDAXZÕbfÿ8ÃúÌÇÔ8kSÓ¬Ç0eÍÊ>'Yr2ø[äX·üY±sP8ÆFÙè,ÞO)6Û8~¤!?;=,¼L)!M·Ïa¯j,ü¼u[/code]
isn't strong enough
[code]hitlerdidnothingwrong420yoloswag[/code]
much better
[QUOTE=J!NX;47490969]isn't strong enough[/QUOTE]
that's a really good one
but then someone hacks into the server and gets your password because it wasn't stored/protected properly serverside
[I]still [/I]boned
[QUOTE=DChapsfield;47490655][img]https://imgs.xkcd.com/comics/password_strength.png[/img]
[U]always[/U] [U]relevant[/U][/QUOTE]
I wonder how many people read that and actually use 'correct horse battery staple' as their password. :v:
where's that one flash game where you enter your password and it tells you how long it takes to crack it
[editline]9th April 2015[/editline]
[url]https://howsecureismypassword.net/[/url]
just enter something close to your password if you're paranoid
for example my password is ****** so i entered ######
[QUOTE=ROFLBURGER;47491312][url]https://howsecureismypassword.net/[/url][/QUOTE]
password123: A year
password12345: A thousand years
adminpassword: 19 years
guys I've found it
passwordpassword1: 2 billion years
today i learned that nigger is in the top 980 used passwords from being 12 and typing nigger into the password security test
[QUOTE=MoonlessNight;47491502]password123: A year
password12345: A thousand years
adminpassword: 19 years
guys I've found it
passwordpassword1: 2 billion years[/QUOTE]
passwordpassword12345678352532351251351351351351341341341341341423413454323632463256425624562456245624562456245724572467653756742632623534523525465465756642642562346256452624562456245624562462456245624562456457356756735673567356877246345134513453252352352352352354524572457245742876484678467835674567245736292482568247349512572137942571935174597136816535876814957814589613951309434581376145134581351823497217913953195834583975976346356743677676354787676544847565784374367
Infinity Years.
[quote]Length: 471 characters
Character Combinations: 36
Calculations Per Second: 4 billion
Possible Combinations: Infinity[/quote]
[QUOTE=Prism;47491049]that's a really good one
but then someone hacks into the server and gets your password because it wasn't stored/protected properly serverside
[I]still [/I]boned[/QUOTE]
We're talking Keepass here, not Lastpass.
Lastpass is probably more convenient being a browser extension, but there's no guarantee of serverside security. It's likely that they are encrypting it well, but still. Keepass is all local.
I have my Keepass db set up so that each password [I]attempt[/I] takes one entire second to verify. Brute force [I]that[/I].
Also, I use the password generator to create absurdly large and unique passwords for each site. If a site I use gets pwned, no harm to any of my other accounts.
[QUOTE=TestECull;47491288]I wonder how many people read that and actually use 'correct horse battery staple' as their password. :v:[/QUOTE]
Lots. It's one of the first combinations a dictionary attack will try.
[QUOTE=DChapsfield;47490655][img]https://imgs.xkcd.com/comics/password_strength.png[/img]
[U]always[/U] [U]relevant[/U][/QUOTE]
According to that website, the first one takes 4 trillion years to crack and the second takes [B]154 octillion[/B]
[QUOTE=Wormy;47491812]Can you write how to do this? Sounds like a good thing to do.[/QUOTE]
For KeepassX, go to database settings and read the tooltip for the clock icon.
[QUOTE=Hypershadsy;47491790]We're talking Keepass here, not Lastpass.
Lastpass is probably more convenient being a browser extension, but there's no guarantee of serverside security. It's likely that they are encrypting it well, but still. Keepass is all local.
I have my Keepass db set up so that each password [I]attempt[/I] takes one entire second to verify. Brute force [I]that[/I].
Also, I use the password generator to create absurdly large and unique passwords for each site. If a site I use gets pwned, no harm to any of my other accounts.[/QUOTE]
Lastpass uses your master password to encrypt your vault just like keepass. Even if somebody gets your vault, they can't use it without your password.
[QUOTE=Hypershadsy;47491790]I have my Keepass db set up so that each password [I]attempt[/I] takes one entire second to verify. Brute force [I]that[/I].[/QUOTE]
Is that even useful? Any serious brute force attempt would attempt to decrypt the database directly, not using the client software, I'd imagine.
I mean if it was that easy brute forcing would hardly be a threat at all.
[QUOTE=ROFLBURGER;47491312]where's that one flash game where you enter your password and it tells you how long it takes to crack it
[editline]9th April 2015[/editline]
[url]https://howsecureismypassword.net/[/url]
just enter something close to your password if you're paranoid
for example my password is ****** so i entered ######[/QUOTE]
I once found a site like this, but instead of showing you an estimated brute force time, it told you to *not* enter your password on unknown websites as soon as you started typing - way better advice than this imo
[QUOTE=Hypershadsy;47491790]We're talking Keepass here, not Lastpass.
Lastpass is probably more convenient being a browser extension, but there's no guarantee of serverside security. It's likely that they are encrypting it well, but still. Keepass is all local.[/QUOTE]
Actually, if your data, LastPass only ever receives:
- your email address
- your already-hashed authentication credentials
- your already-encrypted password vault
Decryption happens entirely in the local client. Steve Gibson went over it extensively on [URL="http://twit.tv/show/security-now/256"]Security Now! episode 256[/URL] [URL="https://www.grc.com/sn/sn-256.txt"](text transcript)[/URL].
LastPass also [URL="https://helpdesk.lastpass.com/account-settings/general/password-iterations-pbkdf2/"]allows you to set the number of SHA-256 iterations[/URL] your credentials get run through, which also lengthens the time needed to make one attempt at cracking your master password.
[QUOTE=MoonlessNight;47492051]Is that even useful? Any serious brute force attempt would attempt to decrypt the database directly, not using the client software, I'd imagine.
I mean if it was that easy brute forcing would hardly be a threat at all.[/QUOTE]
Maybe the encryption contains something like this? -> [url]http://en.wikipedia.org/wiki/Proof-of-work_system[/url]
Free good password for first user to rate me: 4E@B3*jCM@e!WPfg
No one else steal, k?
[QUOTE=MoonlessNight;47492051]Is that even useful? Any serious brute force attempt would attempt to decrypt the database directly, not using the client software, I'd imagine.
I mean if it was that easy brute forcing would hardly be a threat at all.[/QUOTE]
KeePass doesn't actually use the master password as the encryption key, instead it does some transformations a certain number of times to get the encryption key. The more transformations it has to do, the longer it takes to get the encryption key.
See [url=http://keepass.info/help/base/security.html#secdictprotect]here[/url] for more detailed info
EDIT: Also when I set it to one second on my PC, it took about 15 for my phone, so bear that in mind.
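Added example, not part of any post above and not KeePass or LastPass code: a sketch of why an iteration count slows an offline attacker who never touches the client, since the vault key only exists after the full derivation has been run for each guess. It assumes PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for KeePass's own key transformation; all function names and the attacker hash rate are hypothetical.

```python
import hashlib
import hmac
import os
import time

SECONDS_PER_YEAR = 365 * 24 * 3600

def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 256-bit vault key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=32)

def calibrate(target_seconds: float, salt: bytes, probe: int = 20_000) -> int:
    """Pick an iteration count costing about target_seconds on THIS machine."""
    start = time.perf_counter()
    derive_key("benchmark", salt, probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(1, int(probe * target_seconds / elapsed))

def guess_is_correct(candidate: str, salt: bytes, iterations: int,
                     vault_key: bytes) -> bool:
    """Offline check: the attacker has the file, not the client, but still
    pays the whole derivation per candidate. (Simplification: a real vault
    is checked by decrypting it, not by comparing keys.)"""
    return hmac.compare_digest(derive_key(candidate, salt, iterations), vault_key)

def years_to_exhaust(keyspace: int, iterations: int,
                     attacker_hashes_per_second: float) -> float:
    """Each guess costs `iterations` hash operations on the attacker's hardware."""
    guesses_per_second = attacker_hashes_per_second / iterations
    return keyspace / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    salt = os.urandom(16)          # stored in the clear next to the vault
    rounds = calibrate(1.0, salt)  # "one second per attempt" on this machine
    print(f"iterations for ~1 s here: {rounds}")
    # Constructed scenario: 8 characters from a 36-symbol alphabet, attacker
    # doing 4 billion hash operations per second (hypothetical rate).
    keyspace = 36 ** 8
    for n in (1, rounds):
        print(f"{n:>10} iterations -> {years_to_exhaust(keyspace, n, 4e9):.6f} years")
```

The one-second figure is measured on the defender's machine, so an attacker with faster hardware pays less than a second per guess; the slowdown factor relative to a single hash is what carries over.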
I've always found having an algorithm is good
so you'll take the first 4 letters of the site you're logging on to: face
then you take a memorable word or two: CuntCrab
then you want a symbol: !
then you want some numbers: 420
faceCuntCrab!420
perfect system
[QUOTE=lope;47491835]According to that website, the first one takes 4 trillion years to crack and the second takes [B]154 octillion[/B][/QUOTE]
You'd have a point if dictionary attacks weren't a thing. Someone trying to bash their way into an account'll run a few iterations of that before they start simply bruteforcing it, so neither of those passwords is secure. I predict a few seconds, tops, is all you'd get out of those passwords given the popularity of that particular comic strip.
That being said, their [i]point[/i] is sound.
[QUOTE=ROFLBURGER;47491312]where's that one flash game where you enter your password and it tells you how long it takes to crack it
[editline]9th April 2015[/editline]
[url]https://howsecureismypassword.net/[/url]
just enter something close to your password if you're paranoid
for example my password is ****** so i entered ######[/QUOTE]
[QUOTE]It would take a desktop PC about
26 quadrillion nonagintillion years
to crack your password [/QUOTE]
quite a mouthful.