Password management tools for fucking idiots - Page 4

  • HarzemHarzem Member
    edited December 2017

    @Hxxx said:
    Just 17 years? Ditto.

    It will be 18 years next year, but admittedly I'm spending less time on pure crypto each year and more time on using it on projects like FR, which don't require very advanced stuff. But I still keep myself updated on new algorithms or papers because it's something I enjoy.

    @Hxxx said:
    FraudRecord still long ways to go, so far is pretty terrible. Do you even validate providers? Has it become a legal regulated entity or?

    I've stopped developing FR further last year and started over with a completely new code base. I agree it's pretty terrible in its current form.

    Provider validation is in the works, but it's just a little more than domain validation. I don't think I can actually verify if someone has been in the business and successful, or if they just put up a hosting template with some oversold packages.

    But I'm developing a multi-vector community voting, so people can shoot down untrusted providers.

    As for a regulated entity, I've set up a EU company but didn't do much with it yet, I'm still working on the new code.

    @Hxxx said:
    Nothing wrong with doing Websites. I think you know that pretty well. Good work!

    My father and mother were both artists, both graduated from college with degrees as painters.

    I've done my fair share of Bob Ross'ing when I was young but I'm actually ashamed of how little I progressed in the visual arts.

    But my wife loves how I'm an artistic nerd so there's that.

    Thanked by 1Hxxx
  • KeePass with your db file in dropbox/nextcloud/owncloud/webdav

  • RhysRhys Member, Host Rep

    @Harzem said:

    @Hxxx said:
    Leave this to the security experts in cryptography. Keep doing Web Design, before anybody suffers from that thing you call SallaPass ...

    Here we go again...

    I have 17 years of professional expertise on cryptography. I studied it in college, I have created encryption algorithms reviewed and tested by professors and their teams 16 years ago.

    I've been playing with S-boxes before half of LET members were playing with diapers.

    I've studied the intricate details of SHA-3 algorithm and Argon2 before you "tech guys" ever heard of those.

    I've spent more time on cryptoanalysis for fun than 90% of server admins here spent for securing their servers.

    I've written 200,000+ lines of pure C code that does crypto stuff in the first 5 years of my studies before I switched over to other tools.

    For FraudRecord, I've written my own c++ library that does the iterated hashing 30% faster than PHP does it, compiled it into a php extension and deployed it to my server. All by myself as a web designer!

    Just because I'm designing websites for a quick buck doesn't mean you know how experienced I am with anything else.

    Please shut up when you don't know anything about someone.

    /r/iamverysmart is this way >> boop <<

    Thanked by 2raindog308 vimalware
  • Rhys said: /r/iamverysmart is this way

    I thought the entire LET forum was it.

    Thanked by 1bugrakoc
  • RhysRhys Member, Host Rep

    @Harzem said:

    Rhys said: /r/iamverysmart is this way

    I thought the entire LET forum was it.

  • @Nekki said:
    Hmm...I’m dubious of anything that’s ludicrously cheap compared to the competition, and I also don’t trust anything when the first recommendation you see is from the owner of ‘Crepe Guru’.

    This is a very old and very powerful product. This app is used in many mega popular antivirus companies as a password manager (just with a changed skin). I mean antivirus companies bought a license to use the software with their own logos, which is based on and is a total copy of Sticky Password. It's not cheap, and never was. It's very easy to use, and the app is very stable.

  • @Harzem said:

    Rhys said: /r/iamverysmart is this way

    I thought the entire LET forum was it.

    Every surface is a mirror for you.

  • raindog308raindog308 Administrator, Veteran

    Harzem said: I have 17 years of professional expertise on cryptography. I studied it in college, I have created encryption algorithms reviewed and tested by professors and their teams 16 years ago.

    So then, here's a question for you.

    I had an idea - and I am not a crypto developer - to manage passwords this way:

    1. Take a good, complex master password

    2. For each password you want, append something unique but memorable - e.g., the site's domain name.

    3. Hash the two together using a public, well-regarded algorithm (e.g., SHA)

    4. Use the resulting hash as your password.

    So (using a poor master password example):

    $ echo 'MasterPasswordlowendtalk.com' | shasum -a 512256
    2d2e580914aef0f2cfd336bf35f10212ddfcd179366178f5e9bef89bc6e80fb4

    Leak of the master password is a bit more catastrophic - it's not just a "vault unlocker" but part of the password computation, so if it gets into the open, anyone can figure out all your passwords.

    Another problem is that you get a password longer than most sites allow (40-64 chars).

    But you do get (a) only one password to remember, and (b) a different password for each site.

    Again, IANAC...

  • raindog308raindog308 Administrator, Veteran

    FYI, I got a response from @WSS's crotch AgileBits:

    As you mentioned in your email ("...the previous Mac/Windows bundle..."), that product no longer exists; the Mac/Windows 1Password bundle was sold for a fairly short time and is no longer available. At this very moment, only 1Password 6 for Mac licenses are available for sale. The decision was made earlier this year to stop the sale of licenses for 1Password 4 for Windows. Though wonderful in its time, we couldn't, in good conscience, continue to sell a product that was no longer being developed.
    
    If you're interested in a license for 1Password 6 for Mac, they can be purchased in our store (https://agilebits.com/store) or via the Mac App Store when 1Password is set up in a standalone state.
    
    If you're looking to use 1Password in a standalone state on a Windows PC, you will need to wait for the release of 1Password 7 for Windows which will unite support for local vaults and our accounts. I don't have a timeline for that right now but we're hoping for early next year.
    

    Note that I wasn't asking about iOS. 1Password continues to be available there. I've never looked at Android.

  • HarzemHarzem Member
    edited December 2017

    For some reason, LET doesn't allow me to post a long response, so I'll put it in parts. Sorry for spamming.

    @raindog308 said:
    here's a question for you.

    You say you have a question for me, but you didn't put a specific question, so I will comment on the overall idea. If you have follow up questions, I'll try to answer them as well.

    TL;DR is at the bottom. Also a strong counter-argument against this method is there.

    @raindog308 said:
    1. Take a good, complex master password

    I recommend one hidden password, and multiple master passwords. Hidden is a password that's read from a storage, instead of typed every time, just to prevent keyloggers, nothing more. Hiding it on disk is obviously not a good security measure, but it defeats keyloggers as well as over-the-shoulder spies.

    Multiple passwords is for making sure if someone hacks your email passwords, they don't also have your banking passwords. You can use the same password for all email accounts, but use another password for banking, and another for servers, etc, to lower your risk. The whole idea is to remember fewer passwords, but lowering it all the way to 1 is risky by itself.

    @raindog308 said:
    2. For each password you want, append something unique but memorable - e.g., the site's domain name.

    You'll probably want to add username and a password version, but the scheme is pretty irrelevant.

    @raindog308 said:
    3. Hash the two together using a public, well-regarded algorithm (e.g., SHA)

    SHA isn't a very good pick.

    It's too fast. If I operate fraudrecord.com and if I know you registered using your SHA password, I can grab your hashed password from the submit form, and run a bruteforce attack. Bruteforcing SHA can be done at billions/second speeds.

    Variations of SHA (such as double salting and hashing) are better because the attacker cannot use pre-computed rainbow tables, but hiding the algorithm is security through obscurity, which isn't security at all. Whatever your password generation algorithm is, you should assume it's public knowledge. So, in your case, I'll assume you are using plain SHA, and I can modify my brute force code accordingly if you are using any custom modified SHA. Custom algorithms are only good for preventing rainbow tables.

    I can bruteforce your MasterPasswordlowendtalk.com password easier than it looks, because I'm already assuming you have lowendtalk.com somewhere in it, and I just need to bruteforce the hash.

    If I get two of your password hashes, for "MasterPasswordlowendtalk.com" and "MasterPasswordwebhostingtalk.com" and I know which site you are using them on, I still need to bruteforce one of them. So, you are as secure as your master password only, not the rest, even if the rest contains usernames and versions and the like. They are pretty easy to guess.

    One other thing is SHA is vulnerable to length extension attacks. This is a very serious vulnerability but little known outside crypto community. If I have your hash for MasterPasswordlowendtalk.com but I don't know the original input, I can use this attack to create the correct hash for MasterPasswordlowendtalk.com+some_more_input as well. I never need to know the original input (except, in some cases, input length).

    For a password algorithm based on appending stuff after some other stuff, a vulnerability that allows an attacker to append even more stuff may allow them to create valid hashes for you. SHA-1 and SHA-256 and SHA-512 are all susceptible to this attack. SHA-3 is safe.

    For SHA-1, you can simply use HMAC scheme. It is similar to this:

    password = sha1(masterpassword + sha1(masterpassword + input))

    This will allow the length extension method to crack the outer hash, but it's useless because they need to append to the inner input.

    Anytime you ever consider using salts for a SHA-1 hash, you must use the HMAC scheme. Simply prepending to the salt is not secure for anything, for any type of authenticity check. An attacker can simulate arbitrarily longer inputs and create valid outputs.

    At the end, the main objective is picking a master password that's hard to crack, with a safe algorithm. Double-sha1 is safe against length extension compared to single sha-1 but it's still way too fast and it can be parallelized for GPU processing (thousands of parallel threads).

    Your algorithm should be slow, and require lots of memory. Today, you should pick Argon2. Yesterday, you should have picked bcrypt. There is also scrypt but bcrypt is better for reasons.

    Bcrypt is awesome because it has a specific place for a salt (master password). You don't need to think about where to put your salt in, it's built into the algorithm. As long as you use the same salt, you generate the same output. Note that for storing user passwords in a database, you let the algorithm pick a random salt each time. But for generating passwords for yourself, you pick a custom salt and stick with it.

    Bcrypt and Argon2 are designed to be slow and memory-heavy. Memory heavy means a GPU cannot run 1000 copies of it simultaneously, if every copy requires 100 MB memory. The attacker needs to go back to CPU. Argon2 is better because you can individually pick the required memory, repetitions, and parallel processor cores. Bcrypt has a single difficulty level and it affects memory and CPU together. With Argon2, you can adjust the algorithm depending on your computer's CPU and memory and try to hit the limits.

    There isn't an easy way to use SHA-1 in a memory-heavy way. Whatever scheme you create (such as using 100,000 iterated hashes, and storing them in memory, and accessing them in random order), your attacker can store a tiny amount in memory and recreate the rest of the memory by re-hashing every time. You conceive a way to create a 100,000-hash memory that requires 100,000 hashes to be stored in memory, but your attacker will store just 100 hashes in memory and make 200,000 calculations instead. They will trade memory for processor cycles, which they already have in abundance on a GPU. That's why designing your own scheme is not recommended. You design for ease of use, the attacker finds a way around your comfortable algorithm.

    Luckily bcrypt, scrypt and argon2 don't allow this, they can't be simplified in memory. So, you must use one of those, not single, double or 100,000 sha-1 hashes.

    story continues at the next post ->

    Thanked by 2raindog308 seaeagle
  • @raindog308 said:
    4. Use the resulting hash as your password.

    So (using a poor master password example):

    $ echo 'MasterPasswordlowendtalk.com' | shasum -a 512256
    2d2e580914aef0f2cfd336bf35f10212ddfcd179366178f5e9bef89bc6e80fb4

    @raindog308 said:
    Another problem is that you get a password longer than most sites allow (40-64 chars).

    Every character in that output is just 4 bytes long. Any website that accepts 20 characters at most (I'm looking at you, Paypal.com) will be using 80-bit passwords in this case. What you need to do is make every character 6 bytes worth. Luckily base64 is a great function for this. You convert "2d2e5809..." to binary data, where each character is 8 bytes, then convert it to base64. You'll have a larger sample (0-9, a-z and A-Z) plus two punctuation characters, such as dot and dash. Paypal will be accepting 120 bit passwords in this case (20x 6 bits), which is pretty damn secure.

    You simply use the first 20 characters, you ignore the rest of the output. If you used a good hashing algorithm, every byte is already connected to every other byte, so ignoring half the output is no better than trying to use that half, such as XOR'ing two halves into one password or other misguided shenanigans.

    @raindog308 said:
    Leak of the master password is a bit more catastrophic - it's not just a "vault unlocker" but part of the password computation, so if it gets into the open, anyone can figure out all your passwords.

    Correct, if one of your passwords is cracked, then every other password is vulnerable. That's why you should use a good master password (in fact, one hidden password stored on disk and one typed each time by you), and an algorithm that cannot be brute forced easily (Argon2, bcrypt, scrypt).

    @raindog308 said:
    But you do get (a) only one password to remember, and (b) a different password for each site.

    Again, going all the way down to 1 password isn't the best idea, one should at least use a different password for groups of services, such as email accounts, bank accounts, server logins, etc.

    Here is a very strong argument against this hash-based password generation:

    If some office-colleague somehow learns your master password(s), you can't change it. If you had used a vault, and you accidentally told your friend your password, you could immediately change your vault password and protect the rest of the passwords. But if all your passwords depend on a master password, then you will need to change all your account passwords on all websites and banks and servers. It's infeasible. That's why it's really important to have a hidden master password that's not displayed or typed on screen, and difficult to accidentally reveal to someone. It's still risky, but less risky.

    I took this risk, by encrypting my hidden password with yet another password. It starts to sound like too many master passwords, but it's still pretty easy to manage.

    When I start my password manager software on my computer, it stays in the tray (I use windows because photoshop). When I first start it, I enter my decryption password, then it reads from file system an encrypted file, decrypts it using my key, and uses the decrypted password as the strong master password.

    If someone accidentally sees my decryption password, I change it immediately, which prevents my colleagues from being able to read the encrypted file. By changing my decryption password, I can protect my master password. I only enter my decryption password once a session, and using windows' hibernation feature, a session can last for weeks.

    This method is safe for me because I'm working home office, without anyone seeing my passwords, and I'm keeping my computer clean of viruses. In ~7 years, I never needed to change my hidden master password.

    I consider that if someone spies on you, or installs keyloggers on your computer, you are vulnerable even if you used vaults instead of hashes. Hash method is more vulnerable only if you fail to immediately realize that someone else has acquired your decryption password. And if you fail to realize someone is stealing your passwords, then a vault will not protect you either, because it's also secured by just a password and your friend can steal your passwords before you realize they have your password.

    TL;DR:

    1. Do not use SHA. Not because it's broken (it's not) but it's easy to brute force, difficult to make memory-heavy, and susceptible to length extension attacks. Double-SHA prevents length extension but not much more. Use Argon2, bcrypt or scrypt (in this preference order).

    2. Use a few master passwords. One hidden password to prevent keyloggers and office-colleagues from seeing it, and some other master passwords for other services.

    3. Encrypt your master password with a decryption password, and ideally enter that password once a session, not every time. This will get your security closer to a vault-based system, where your passwords can also be recovered only if your decryption password is revealed. In both cases, you may have time to change your decryption key before someone accesses your passwords.

    4. If you don't have strong secret-keeping skills or a dirty computer, you may lose all your passwords at once. But that's the case for the vault method as well, with what I consider a marginal difference. I trust vaults only 99%.

    Vaults may have end-user encryption and all that technical security which prevents them from seeing your password even if they want to, but my remaining 1% of mistrust is not against their technical expertise. It's against their possible evil plans. They may employ end-user encryption one day, which passes all technical checkpoints for perfect security, but the next day NSA may raid their offices, force them to push a software update that collects passwords, and it may take a couple of days before we puny humans realize they do not offer end-user encryption any more. No one can claim that NSA/Russians/Aliens/Satan will not raid their offices and force them to modify their software.

    Instead of trusting that a remote company will not install a backdoor into their software, I choose to encrypt my hidden master passwords. I consider it safer, but it's not for everyone, and it must be implemented perfectly.

    By the way, if I ever release my SallaPass software, which is not simply a hash generator, but also has the ability to access encrypted hidden passwords and all that crap, I will have to release it as open source, without automated updates. Otherwise I do not offer any more security than a vault software.

    Thanked by 3raindog308 WSS seaeagle
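
Added example (not part of the thread, and not Harzem's SallaPass code): the derivation described in the two posts above, with a memory-hard function in place of plain SHA and base64 output cut to a site's length limit. It uses scrypt because it ships in Python's standard library; the function names, cost parameters, field encoding and sample inputs are assumptions made for this illustration.

```python
import base64
import hashlib
import math
import string
import struct

# Assumed cost parameters: N=2**14, r=8 forces roughly 16 MiB of memory per guess,
# which is what stops a GPU from running thousands of guesses in parallel.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

# Base64 alphabet with "." and "-" as the two punctuation characters.
ALPHABET = string.ascii_letters + string.digits + ".-"


def context_salt(site: str, username: str, version: int) -> bytes:
    """Encode the per-site fields with length prefixes.

    Plain concatenation is ambiguous: ("ab", "c") and ("a", "bc") would give
    the same bytes and therefore the same password.
    """
    out = b""
    for field in (site.lower(), username, str(version)):
        data = field.encode("utf-8")
        out += struct.pack(">I", len(data)) + data
    return out


def derive_password(master: str, site: str, username: str = "",
                    version: int = 1, length: int = 20) -> str:
    """Derive a deterministic per-site password from a master password."""
    if not master:
        raise ValueError("master password must not be empty")
    if not 1 <= length <= 64:
        raise ValueError("length must be between 1 and 64")
    raw = hashlib.scrypt(
        master.encode("utf-8"),
        salt=context_salt(site, username, version),
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
        dklen=48,  # 48 bytes -> exactly 64 base64 characters, no padding
    )
    # Base64 carries 6 bits per character, hex only 4, so truncating the
    # base64 form keeps more of the derived key under a length limit.
    text = base64.b64encode(raw, altchars=b".-").decode("ascii")
    return text[:length]


def max_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on the bits a truncated output can carry."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample inputs.
    master = "correct horse battery staple"
    print(derive_password(master, "lowendtalk.com", "alice"))
    print(derive_password(master, "lowendtalk.com", "alice", version=2))
    print("hex, 20 chars:   ", max_bits(20, 16), "bits")
    print("base64, 20 chars:", max_bits(20, 64), "bits")
```

Bumping `version` gives a fresh password for one site after a breach there without touching the master password; it does not help once the master password itself is exposed, which is the weakness both posters point out.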
  • Just use LastPass from the LogMeIn company you fucking cunt. It has a free tier. Why do you want to complicate yourself with more bullshit?

    @Nekki said:

    @fatbunny said:
    Give them some @joeri burgers that will help

    Now you’re just being a cunt.

  • raindog308raindog308 Administrator, Veteran

    Tidied up the thread by removing fatbunny stupidity.

    Thanked by 4Hxxx WSS Yura Amitz
  • @raindog308 said:

    Harzem said: I have 17 years of professional expertise on cryptography. I studied it in college, I have created encryption algorithms reviewed and tested by professors and their teams 16 years ago.

    So then, here's a question for you.

    I had an idea - and I am not a crypto developer - to manage passwords this way:

    1. Take a good, complex master password

    2. For each password you want, append something unique but memorable - e.g., the site's domain name.

    3. Hash the two together using a public, well-regarded algorithm (e.g., SHA)

    4. Use the resulting hash as your password.

    So (using a poor master password example):

    $ echo 'MasterPasswordlowendtalk.com' | shasum -a 512256
    2d2e580914aef0f2cfd336bf35f10212ddfcd179366178f5e9bef89bc6e80fb4

    Leak of the master password is a bit more catastrophic - it's not just a "vault unlocker" but part of the password computation, so if it gets into the open, anyone can figure out all your passwords.

    Another problem is that you get a password longer than most sites allow (40-64 chars).

    But you do get (a) only one password to remember, and (b) a different password for each site.

    Again, IANAC...

    It's been thought and done 20 times over and Harzem had implemented his own with his own improvements.
    There are some issues in terms of usability.
    Such as password breaches, these can be mitigated with a password change but ideally you could only change your master password unless you are gonna remember it in the domain or username each time.
    Each website has their own password restrictions so you would need to save those restrictions, making it similar to current password vaults.
    In case your master password is compromised, the effort to change all the websites that use your password would be overwhelming if you are in the hundreds for accounts.
    Public algorithmic generated passwords can be solved if not implemented well, as sites easily breach email and passwords on a daily, they may have enough to just guess your master password and have free reign to all your sites without ever touching you.

    It comes down to how useful this is to you, though not perfect at all.

  • 2FA with a local salted code and a secondary external hash required which is not easily targeted (ala SMS/etc) isn't bad. Of course, things which have a hardware key and are not easily cracked would be much better, but we're talking about services that cost less than $xxx/yr..

  • @Nekki said:

    angstrom said: Yeah, if you want a quasi real-time update to your store of passwords every time that you add a password, then my old-fashioned method wouldn't be a serious contender.

    If I get a new account somewhere, I first write the new password on my printed copy, and then every two or three months, I update the file based on the printed copy. But I may not be a typical user, because I don't add new accounts so often.

    Do you never need passwords on-the-go? Or do you take the printed copy everywhere with you?

    This is the drawback of paper based schemes. My passwords are stored in a way where it is hard/impossible to know what they belong to but still the thought of them getting lost/being stolen during travel gets on my nerves sometimes. If I'd travel more I'd probably be thinking about alternatives.

  • You can reset all passwords if you can login to your email account, usually.

    So just remember your one hard-to-guess email password and, if it so happens that you lose your paper, you can still recover rather quickly.

  • The idea of passwords is a false sense of security in the first place..

  • BlazingBlazing Member
    edited December 2017

    @cheapwebdev said:
    The idea of passwords is a false sense of security in the first place..

    ...ssh, then everyone will know

  • mkshmksh Member
    edited December 2017

    @jiggawattz said:
    You can reset all passwords if you can login to your email account, usually.

    So just remember your one hard-to-guess email password and, if it so happens that you lose your paper, you can still recover rather quickly.

    Yeah kinda. Still having to boot a bunch of servers into rescue mode to be able to reset passwords is not exactly my idea of fun also if the harddisks are encrypted it's game over. Still outside the travel problem paper makes me feel safer than any electronic method ever could.

  • I will buy Dashlane Premium. Does anyone want to share their referral link so we can both get $20 (i think that is the promotion)?

  • ClouviderClouvider Member, Patron Provider

    What did you end up choosing @Nekki?

  • @Clouvider said:
    What did you end up choosing @Nekki?

    I’m trialling a few at the moment.

    1Password feels a touch clunky in everyday use, and the browser integration is very weak.

    Dashlane is nice and slick, but the browser plugin is a bit fucking nuts and keeps asking to save shit I wouldn’t want to save and occasionally missing logins.

    LastPass is so far leading the race; fairly slick and straight-forward, plus the browser plugin catches all the logins and doesn’t keep asking me to save weird shit.

    I need to crack on with the iOS/Android evaluations next.

  • @Nekki I'd still recommend you try out Bitwarden. I'm pretty impressed with the browser and Android (best I've seen so far, but my only comparison for Android are various keepass apps) integration. And you don't need to host it yourself if you don't want to.

  • MagicalTrain said: @Nekki I'd still recommend you try out Bitwarden. I'm pretty impressed with the browser and Android (best I've seen so far, but my only comparison for Android are various keepass apps) integration. And you don't need to host it yourself if you don't want to.

    I've got a Bitwarden account, the killer at the moment is that there's no Safari plugin, so no use for my wife.

  • @Nekki said:

    Any recommendations? I personally like Dashlane’s interface, but it doesn’t appear to allow for multiple accounts.

    Business does, you get a vault for company stuff and one for personal.

  • dragon2611 said: Business does, you get a vault for company stuff and one for personal.

    Very expensive when compared to the lastpass/1Password family plans at $4/month/user.

  • @Nekki said:

    dragon2611 said: Business does, you get a vault for company stuff and one for personal.

    Very expensive when compared to the lastpass/1Password family plans at $4/month/user.

    Fair enough, I stopped using it because of the lack of Linux support and as you say expensive.

  • Paper and pencil, man. With crayons you can even design a secret color coding to make things less transparent. Low budget, you'll still have money to feed your kids. :-)

    Thanked by 1Yura