Comments
Wouldn't they be getting that regardless of how the passwords are stored?
And kpcli isn't in the Debian repos, so it's still more work installing than I'd like to deal with (yes, I'm lazy, I already know, please don't tell me)
I use a few different pubkeys and save the SSH IP + Port in a text file on a flash drive with the pubkey username.
I don't trust other providers with my account details.
No. Your KeePass database may very well have passwords for services that you haven't used for months/years, or have effectively already abandoned.
sighs
On screen keyboard for this one.
And @joepie91 is right, I thought of that also one time and then switched to keepass. Make sure you back up the keepass file regularly, I've had more than 1 file corrupting on me...
For command line junkies, I recommend password-store... a thin wrapper around shell commands and gpg2: http://zx2c4.com/projects/password-store/
@joepie91 Like I said I pull a random subset of a string from GRC. Plenty secure.
Hmm, how does it secure your stored passwords? It's not really clear to me from reading the page.
As I already explained, that means GRC has your password, even if it's just a random subset. Further, I see no reason to use GRC instead of the built-in password generator in KeePass (or some other locally run script). GRC doesn't even offer truly random passwords, so it literally does not provide you with any extra security.
You are basically giving up part of your security/password strength, without gaining any additional security. Not a very good idea.
KeePass
Security through obscurity for me please.
sha1 hash of a md5 hash of a base64 encoded password.
Excel and Google Drive and password protecting the file itself. Really happy to understand that, I will no longer have to log into multiple servers every other hour. I AM FREE!
This
And I thought I was paranoid... I use passes like INeverForgetMyPasswords! If possible I add spaces.
I mean, WTF, if I have the government against me, a good pass/keyphrase/encryption etc will probably not help me much, they don't really need evidence. It is better not to put your life online than having to protect it with passwords.
M
password1 > base64 encode > md5 hash > sha1 + salt
forgot to add salt
You should move base64 to the end so your password utilizes the full alphanumeric character set instead of just hexadecimal.
I just save the email with the account info
"randomwordsiremember""website'sname""website'snamebackwards""randomsentenceiremember""yearregistered"
so it'll be like
"applelettelhieveryonehowareyou2012"
That should be more than enough to put people off using brute force or dictionary based attacks....
It uses a gpg key you provide when running 'pass init' to initialise new password storage. So either use an existing gpg key or create a new key using gpg2 --gen-key. The crypto algorithm used (RSA or DSA) and keysize is selected during key creation.
@joepie91 You must be really fun at parties. I don't use keepass solely to generate, store, and secure my passwords because I'd rather not keep all my eggs in one basket. Have you reviewed the keepass source code? GRC does not have my password because I append my random string to a subset of their random and they don't know where/how I use my passwords. It sounds like you're worried more about password security than the security of the front door at home.
mRemoteNG!
I'm scared to admit that I use lastpass now <_<;
Source?
If you generate a GPG key with password, doesn't that mean you have to enter your master password every time you want to retrieve a password?
Really? Trying to ridicule me because I'm pointing out flaws in your security? Very mature...
That makes no sense whatsoever.
I have, actually.
First you 'use GRC for a random string', then you 'use a subset of the random string from GRC', and now you suddenly append random stuff yourself? Which is it?
Considering I have very few physical objects of value, if any at all, and the data I protect using encryption is more valuable to me than that, that doesn't seem like such a strange approach. Not to mention that I'm not only responsible for my own security, but also for that of others. Something about being a developer and stuff.
pass = providerName + planName
Actually, he is quite fun to hang around with. And how nice of you to attack someone personally when a discussion is not going in the direction you might want it to go.
Keepass can export to text and xml, gpg / encrypt that file, done. Or, import it into lastpass.
So what is it? And it seems you use keepass to store and secure your passwords, maybe just not generate them.
pass = echo "providername+planname" | shasum
KeyPass for me.
:-)
Google Spreadsheet with 2 factor authentication + Public/Private keypairs.
You can do it that way or run gpg-agent and have it cache your key password(s) for a configurable time. Different password stores can be created for different types of things (e.g. to separate banking from vps login). Docs here: http://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html
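The gpg-agent caching and separate-store setup described in the comment above, as an added example that is not part of the thread. The helper name `set_agent_cache_ttl`, the 300/1800 second values, the store paths and the use of a separate key per store are assumptions; `default-cache-ttl`, `max-cache-ttl`, `gpgconf --reload gpg-agent` and `PASSWORD_STORE_DIR` are the real gpg-agent and pass settings.

```shell
#!/bin/sh
# Added example (not from the thread). Writes the two gpg-agent cache settings
# into GNUPGHOME/gpg-agent.conf, keeping any other lines already there.
#   default-cache-ttl: seconds a passphrase stays cached after its last use
#   max-cache-ttl:     hard upper limit, however often the key is used
set_agent_cache_ttl() {
    home=$1 ttl=$2 max=$3
    conf="$home/gpg-agent.conf"

    # Both values must be whole numbers of seconds.
    for v in "$ttl" "$max"; do
        case $v in
            ''|*[!0-9]*) echo "TTL must be whole seconds: '$v'" >&2; return 1 ;;
        esac
    done
    # An idle timeout above the hard limit is a configuration mistake.
    if [ "$ttl" -gt "$max" ]; then
        echo "default-cache-ttl ($ttl) exceeds max-cache-ttl ($max)" >&2
        return 1
    fi

    mkdir -p "$home" && chmod 700 "$home" || return 1
    tmp="$conf.tmp.$$"
    # Drop earlier TTL lines so the file never carries conflicting values.
    if [ -f "$conf" ]; then
        grep -v -E '^[[:space:]]*(default|max)-cache-ttl([[:space:]]|$)' "$conf" > "$tmp" || true
    else
        : > "$tmp"
    fi
    printf 'default-cache-ttl %s\nmax-cache-ttl %s\n' "$ttl" "$max" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$conf"
}

# Typical use (constructed values; the key IDs are placeholders):
#   set_agent_cache_ttl "$HOME/.gnupg" 300 1800
#   gpgconf --reload gpg-agent
#   PASSWORD_STORE_DIR="$HOME/.password-store-banking" pass init <banking-key-id>
#   PASSWORD_STORE_DIR="$HOME/.password-store-vps"     pass init <vps-key-id>
```

The agent caches passphrases per key, so two stores initialised with the same key share one cache entry; giving each store its own key keeps an unlocked VPS store from also unlocking the banking one.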
I use evernote.com.
Why would you store unencrypted passwords for your servers on a third party service?
+1 for KeyPass.