Password Manager Suggestions - Page 5

Comments

  • I use both LastPass, Dashlane and True Key on laptop. On iOS, Android I use LastPass, True Key.

  • @dealweight said:
    I use both LastPass, Dashlane and True Key on laptop. On iOS, Android I use LastPass, True Key.

    Congrats on your first post

  • BlaZe Member, Host Rep

    @Lee said:

    jamuja said: What's wrong with Google suite+chrome password manager?

    I don't even know where to start with this..

    :o is it that bad/risky?

  • What's wrong with using the built-in Chrome password manager? Or Firefox.

  • JerryHou Member
    edited February 2020

    @webdev said:

    @JerryHou said:
    KeePass with OTP plugin.

    why not use KeePassXC?

    Well, did not notice this before, always use KeePass.

    Just saw that KeePassXC does not support plugins and has a 40 Mb install file for Windows... I will pass and keep my small size KeePass. :)

  • raindog308 Administrator, Veteran

    jsg said: Btw, and why I wrote this lengthy answer: One of the things that quantum computers will be capable of doing much faster is pattern recognition, which means that your password system will be cracked even faster than it can be done already.

    Does brute-forcing passwords in modern systems really work, though?

    Every significant system that I use - from web sites to computers to bank accounts to email, etc. - only allows so many attempts before your account is locked and you have to use a different method to unlock. If you try to log in to my bank and use the wrong password many times, the account locks and you have to call customer support. Etc.

    Even on your typical vBulletin forum where logins are frozen for 15 mins, how many attempts against an 8-character keyspace are you going to get in a day?

    Obviously very different if we're talking about a piece of encrypted communications that you're going to analyze around the clock for days - I get that.
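
The arithmetic behind the question in the post above, as an added example that is not part of the thread: a per-account lockout with the 15-minute freeze, run against a simulated clock. The 5-failure threshold, the one-guess-per-second rate, the 95-character printable ASCII alphabet and all names are assumptions, since the thread gives none of them.

```python
from dataclasses import dataclass

DAY = 24 * 60 * 60
KEYSPACE_8 = 95 ** 8   # assumption: 8 characters drawn from printable ASCII


@dataclass
class LoginThrottle:
    """Per-account lockout: freeze logins after max_failures wrong passwords."""
    max_failures: int = 5          # assumption: not stated in the thread
    lock_seconds: int = 15 * 60    # the 15-minute freeze from the post
    failures: int = 0
    locked_until: float = 0.0

    def attempt(self, now: float, password_ok: bool) -> str:
        if now < self.locked_until:
            return "locked"        # rejected without checking the password
        if password_ok:
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.failures = 0
            self.locked_until = now + self.lock_seconds
        return "failed"


def guesses_checked_in(window_seconds, throttle, seconds_per_try=1.0):
    """Simulate nonstop wrong guesses; count those the server really verified."""
    now, checked = 0.0, 0
    while now < window_seconds:
        if throttle.attempt(now, password_ok=False) == "failed":
            checked += 1
            now += seconds_per_try
        else:
            now = throttle.locked_until   # skip ahead to the end of the freeze
    return checked


def years_to_cover(keyspace, guesses_per_day):
    """Years needed to try every candidate at the given online rate."""
    return keyspace / guesses_per_day / 365.25


if __name__ == "__main__":
    per_day = guesses_checked_in(DAY, LoginThrottle())
    print(per_day, "guesses/day,", f"{years_to_cover(KEYSPACE_8, per_day):.2e}", "years")
```

The same throttle also rejects the correct password while the freeze is active, which is the cost of this control for the legitimate account owner.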

  • jsg Member, Resident Benchmarker
    edited February 2020

    @raindog308 said:

    jsg said: Btw, and why I wrote this lengthy answer: One of the things that quantum computers will be capable of doing much faster is pattern recognition, which means that your password system will be cracked even faster than it can be done already.

    Does brute-forcing passwords in modern systems really work, though?

    Every significant system that I use - from web sites to computers to bank accounts to email, etc. - only allows so many attempts before your account is locked and you have to use a different method to unlock. If you try to log in to my bank and use the wrong password many times, the account locks and you have to call customer support. Etc.

    Even on your typical vBulletin forum where logins are frozen for 15 mins, how many attempts against an 8-character keyspace are you going to get in a day?

    Obviously very different if we're talking about a piece of encrypted communications that you're going to analyze around the clock for days - I get that.

    Simple-looking question that, however, is quite complex to answer.

    For a start we must differentiate between a concrete attack and an algorithmic (or in a way "theoretical") attack. Concrete or real world attacks virtually never attack the crypto but implementation (of crypto, software, libraries, OS).

    Algorithmic attacks almost always have a second property which is who thinks about and researches them -> cryptologists - who - and sensibly so! - are worried about surfaces that are a bit out of this world (but at the same time potentially "mega-killers").

    While having a popular (or populistic?) component, dangers arising from quantum computers actually are 99% in the academic world and (for quite some time) will not have any practical significance. But still academics and certain organisations who are extremely concerned about any potential security risk, like secret services (e.g. NSA) actually want to be prepared.

    Grossly simplifying one might say that most defenses against concrete attacks, e.g. time barriers after say 2 failed log-in attempts, are similar to "putting yet another piece of sheet metal around your door lock"; their goal usually is to decrease risk.
    Re algorithmic attacks and crypto research the goal typically is risk exclusion which is an approach very different from practical defense against concrete attacks.

    So, you are right, quantum computing (and its presumed capabilities) has very little to do with concrete attacks - but - and that's important - post-quantum attacks might break the very core of pre-quantum crypto. The classical example is "RSA and ECC will be broken!!!".

    That said, I should underline again an important property of security/crypto research: extreme goals. The typical goal usually is not simply security but provable security, verifiable absence of attack surfaces, and resilience against attack beyond what seems to be reasonably expected today and even tomorrow.

    Nice example: There is a seemingly eternal striving for "100% perfect" random number generators although even PRNGs that are said to be simply predictable in fact are good enough for 99.7% of all cases (we happen to know that because even today quite a few languages have utterly poor quality PRNGs in their stdlib yet there was quite little and rarely actual harm created).

    Probably the most effective real world protection almost all of us enjoy, practically speaking, is in the fact that we are very boring targets for e.g. the NSA, hence it's not worth cracking (predicting) even a poor PRNG we employ or cracking say yester-decade RSA-512 keys.

    At the same time it should be noted that we almost all are extremely vulnerable to low to mid level attacks, typically by organized and/or knowledgeable criminals, due to the grossly poor quality of pretty much the full software stack.
