How many passwords do you use online?

  • 1: 0 votes (0.0%)
  • 2-3: 0 votes (0.0%)
  • 3-5: 0 votes (0.0%)
  • 6-8: 1 vote (11.1%)
  • 9-12: 0 votes (0.0%)
  • 13-17: 1 vote (11.1%)
  • 18-23: 0 votes (0.0%)
  • 24+: 1 vote (11.1%)
  • To Infinity and Beyond!: 6 votes (66.7%)

Total voters: 9

But again, what do I know, right? :)

Come on man I'm really not trying to be rude or to insult you.
If it seemed that way then I'm sorry.
Let's just stick to facts here since this is a public forum and not a private chatroom.

You do realize that there are such things as rainbow tables and lists of already hacked, usually most common, passwords

They do not work when the hashes are salted, and almost every software does that by default these days.
If you happen to find a really badly configured website, then yes you could use rainbow tables or hash-lists for it.

Also, why would you use SHA-1... SHA256/SHA512 are better.

I explicitly wrote that this would be an example of a badly configured website to show a lower bound for the cracking time.
Obviously using actually strong hashes like Argon2 will increase the time.

How is the article "misinformation"?

It wasn't really clear if "are you aware of this beauty right here" was supposed to mean "lol KeePass is bad" or "look at the junk ZDNet wrote".
If you meant the latter, I'd agree with you.
If you meant the first: While caching the master PW in RAM is certainly not a cool thing to do, accessing it requires running a program on your PC.
When a bad actor has software running on your PC they - by definition - have access to everything, so it's not really a good argument for discouraging usage of those PW managers.
 
Fully aware that hash tables do not work with salted hashes, but coming back to a list of commonly used passwords, what are the chances that regular Joe Shmoe does not use any one of them... does not matter what encryption service/hash functionality you use... if your password is on that commonly used password list.. you're SOL. As far as your uncertainty as to my comment.. I meant both, that KeePass is bad, and that "junk ZDNet" wrote.
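The two points argued in the posts above, as an added example that is not from any poster in this thread: a salt defeats a precomputed table, but a password on a common-password list is still found by a per-user check, whatever the hash. The four-entry list and the function names are constructed for illustration, and PBKDF2 stands in for Argon2 so the code runs with the standard library only.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a "commonly used passwords" list.
COMMON = ["123456", "password", "qwerty", "letmein"]

def sha1_unsalted(pw):
    # The badly configured case from the thread: fast hash, no salt.
    return hashlib.sha1(pw.encode()).hexdigest()

def sha1_salted(pw, salt):
    return hashlib.sha1(salt + pw.encode()).hexdigest()

def slow_salted(pw, salt, rounds=100_000):
    # PBKDF2 (standard library) stands in for Argon2, which needs a third-party package.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds).hex()

# A precomputed table is built once and reused against every unsalted hash.
PRECOMPUTED = {sha1_unsalted(p): p for p in COMMON}

def table_lookup(stored_hash):
    return PRECOMPUTED.get(stored_hash)

def audit_common(stored_hash, salt, hasher):
    """Per-user check of one stored hash against the common list.

    The salt is stored next to the hash, so it only forces a recomputation
    per user; it does not protect a password that is on the list.
    """
    for candidate in COMMON:
        if hmac.compare_digest(hasher(candidate, salt), stored_hash):
            return candidate
    return None

def allowed_at_signup(pw):
    # The mitigation for the common-list problem: refuse listed passwords.
    return pw not in COMMON

if __name__ == "__main__":
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    print("unsalted, table lookup:", table_lookup(sha1_unsalted("qwerty")))
    print("salted, table lookup:", table_lookup(sha1_salted("qwerty", salt_a)))
    print("same password, two salts, equal hashes?",
          sha1_salted("qwerty", salt_a) == sha1_salted("qwerty", salt_b))
    print("salted, per-user audit:",
          audit_common(sha1_salted("qwerty", salt_a), salt_a, sha1_salted))
    print("slow KDF, per-user audit:",
          audit_common(slow_salted("qwerty", salt_a), salt_a, slow_salted))
```

The slow KDF raises the cost of every candidate tried, which matters for passwords that are not on any list; for listed ones the signup check is the control that helps.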
 
if your password is on that commonly used password list.. you're SOL

Yeah sure, but that's not really the point of the discussion here.
Anyways, let's just "agree to disagree" before we clutter this thread any further.
If you want to reply to this, feel free to DM me.
 
I meant both, that KeePass is bad
What exactly do you think would be better? The one described in the article is not a KeePass bug, it is a user problem.
Because if someone has access to the computer then it doesn't matter how secure the program is because you have access to it.
 
Please avoid name calling and/or talking down to other members. We are all a part of the same code family, so let's keep our disagreements civil!

The original thoughts behind this thread were that malicious webmasters can steal your password no matter what it is, no matter how complex, etc., because they can save it pre-encryption. The only way to prevent this from giving an admin your password to other sites is to use a unique password on each or to use a browser/computer program that automatically alters your password for each site after you type it and before you press submit. The downfall of this is that those types of programs can prevent you from logging in if you are away from your computer.

Anyways, feel free to discuss passwords in general, but cite your sources for information, be civil, and be helpful.
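A sketch of the "program that alters your password for each site" idea from the post above, added here as an example and not taken from any tool named in the thread. The derivation scheme, the `per-site-v1:` label, the work factor and the three `.example` sites are all assumptions made for illustration.

```python
import base64
import hashlib

ROUNDS = 200_000  # assumed work factor for this sketch

def site_password(master, domain, length=24):
    """Derive a per-site password from one master secret (hypothetical scheme)."""
    # The domain acts as the salt, so each site receives a different value.
    salt = b"per-site-v1:" + domain.strip().lower().encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ROUNDS, dklen=32)
    return base64.urlsafe_b64encode(key).decode()[:length]

def exposed_sites(credentials, leaking_site):
    """Other sites that accept the plaintext the leaking site's admin saw."""
    seen = credentials[leaking_site]
    return sorted(site for site, pw in credentials.items()
                  if site != leaking_site and pw == seen)

# Constructed sample: three made-up sites and a made-up master secret.
SITES = ["forum.example", "mail.example", "shop.example"]
MASTER = "correct horse battery staple"

def reused():
    # One password typed into every site.
    return {site: MASTER for site in SITES}

def derived():
    # The master never leaves the machine; each site gets its own derivation.
    return {site: site_password(MASTER, site) for site in SITES}

if __name__ == "__main__":
    print("reused password, other sites exposed:",
          exposed_sites(reused(), "forum.example"))
    print("derived passwords, other sites exposed:",
          exposed_sites(derived(), "forum.example"))
```

The derivation is deterministic, so logging in still depends on having the program and the master secret at hand, which is the drawback the post mentions.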
 
I don't get it on a screenshot so then via link
 
Well, telling you a password length definitely can help you if you try to get the password, but most brute force attempts are auto blocked anyways, so it's very hard to even get it. I don't think my article revealed anything because the article is just an example of a password algorithm, but doesn't actually reveal anything about my own passwords
 
I agree - If a hacker accesses your computer, there are much easier ways to discover passwords & information.
 
Ah, yes I understand now.
~ @Antero360 , if you post twice in a row it's better to edit your original post and add to it instead of double posting. Not a major issue though, but it is generally expected :)
 
I'm not going to say too much just in case.. ;)

Let's just say that I use a different password for the vast majority of websites I actively use.
 
Yeah, I think I use too many Passwords. I can remember my Password for so many other things and yet I can't even remember my damn GitHub Account Password!
 
Haha, one thing I hate is using a new computer and forgetting a password and not having it saved. Of course, it's not always safe to save passwords, but some services don't require as much security and it can be a pain to remember the unique password for that...
 
I just recently got a new Phone and I had to reset it all because I forgot the damn pin.
 
I remember my 20 digit Minecraft password, it's 12345678901234567890
(jk it's auto gen)
 
good luck with mine lol... I have one master password.. 36 characters long...
each password I use is a variation of that password.. no less than 32 characters long..

[a-zA-Z0-9!@#$%^&./\] < all the characters I use... so again.. good luck and have fun lol
 
Well, telling us that makes it easier to crack it... haha. So it went from impossible to crack still to impossible to crack, but easier.
 
