
Password Security for Noobs like me

<<

sandman

Active Member

Posts: 352

Joined: Sun Aug 08, 2010 5:43 pm

Location: Texas

Post Tue May 10, 2011 11:11 pm

Password Security for Noobs like me

This is written by a noob, for a noob, but it works for me. if anyone wants to explain the theory of 'bit encryption' as it pertains to passwords, and not the algorithm to encrypt whole documents, please do in a reply; myself and other noobs would benefit from it greatly!



i'm using a really cool program called KEYPASS that creates passwords for you, and stores them in a password-protected file on your computer,

so i have about 15 passwords i use, all different, all 200bit encrypted so they look like this.... ÙòèÀͳ¹·"Ì63?ÄHÛ.ìS_?pÎíÐί[?í

but i only have to remember 1 simple password, that allows me access into the 'password saver/generator' called KEYPASS

from there, i can just double click on the password that has been saved for a certain website or email, it is then saved to my clipboard for 8 seconds, meaning i can copy and paste it into any password/username entrance to any website, but it is not saved in my clipboard (my copy and paste) after i have used it, meaning someone can't get on after you, and do the same thing, and just copy and paste into a password bar, and see your password. it only lasts for 8 seconds.

i can 100% customize my passwords to be as small as 10 characters long such as...

í?×®>åÙE5?
which has 70bits of encryption,

how is this useful to you?

let's say you have a website or email account that asks you to choose a password... 6-20 characters in length, using 1 upper case letter, and 1 lower case letter and 1 symbol... so you go to your 'keypass' which is the name of our application, generate a 20 character password, using all the features required.. and thus you will have

? x/L3KQk=`Ýä?$º°å´î

or something similar, you then save this password, with a username for that particular website, with the URL link, into the keypass file. SAVE IT! otherwise it won't save it if you just blatantly close it. and the keypass file is saved as a separate file in a folder of your choice, i personally keep it in my documents file, if i was traveling with my personal laptop, i can then hide that particular file if need be as an extra added level of security.

anyway. what i'm trying to get at is,

my keypass file holds a little over 15 very complicated passwords, their usernames for each password for the website, and the website URL (address)

but i only have 1 very easy password memorized, and that's the password to my keypass file...

BUT WHAT IF YOU FORGET THAT PASSWORD, OR YOU ACCIDENTALLY ERASE THE KEY PASS FILE, OR YOUR COMPUTER GETS DESTROYED?

i periodically, about once a week, copy and paste my new passwords/usernames, frequented websites into a Microsoft Word Document (which is also password protected) and i save a copy of that word document onto my thumb drive and my external hard drive.

however,

i can also have a keypass file ON my thumb drive, or my external hard drive, because it's not a software program, it's just a sophisticated document file. (correct me if that's inaccurate)
so i can copy and paste my keypass, with all its passwords, while being password protected, on to my thumb drive, so i can check my email at the police academy or at the library or anywhere else.

if you're interested in this, google KEYPASS or go to http://filehippo.com/download_keepass/ for a free download of it, it doesn't cost anything, it's 100% open source from a trusted website that offers open source products.

take a look around www.filehippo.com for anything else you might need to beef up your computer's security with AVAST for your anti virus, or COMODO for your firewall, or SPYBOT for your anti-malware needs. or download OPEN OFFICE 3.4.0 if you don't have the money to buy Microsoft Word Office 2007 or 2010.

i can make passwords as long and as complicated as this...

Ø¥¼ö?Ó$õ?°Î!#»ìì¡°ÏzS!?òÚqÇ-?~h³ëO[´ ?߯yIùfS?}¯^ Ü Mgtç½Jp?`>Cé?¥?¹ ê¾` º

that is 75 characters, and 480+ bit encryption algorithm

or this...

*8Ö??Ù?!ÊÐb@Ñ?N¿ÇÜ?m*'ÛdZ¢»? Á?ìú§ý×Eß_{g:¤?VÚ. pÆ #·&]%ÓÙj3(Pjѽ$õF4¼0³¥´XöÖ?ªã?t]c8¾p. VÆÀÃ?«òÖ7Õ¿í HÙïìQ() ?Nq lôn³Îç@'²<^?ѸÐhµ@Â-Â?°Ë±"ȪI? N=×?­Õrßx´Ã.ÏõK´Û9Ssé5?0îÜtáú8lù#?vsÌ%8?v±J6dkìϳJm»?â?ïváWR©êp?:x¹¨>+ñ³?1wm×j~E¤eê¶Þkþ#ZcÊ°¢ìâHÂLÆɳ© Ï?<,i.ÔÈøñwFâ¥)Þ.?¶çÇ 3òPµ¸ *kTGÃ1fgAúìîZ?ÁÕzÅiûC ±

that is 300 characters, and 1364 bit encryption algorithm

i've never seen the limit to the bit encryption of key pass, but it allows you to use a 10,000 character password if you wanted to.

and no BRUTE FORCE attacks or DICTIONARY attacks will ever crack your passwords.

just make sure your website will allow that many characters as your password, but you will be surprised how many do allow that many characters as your password.

also, play around with this, it takes a bit of getting used to. use it on websites that will send you an email with your password should you forget it, or in this case, should you accidentally erase your KEYPASS file.
and back up every password into a word document file, that is password protected in turn, and labeled to be misleading like 'comic book.docs' and password protect that with something simple like 'airplane'
if you have any further questions, or don't know how to password protect your word documents as a back up source, let me know.
<<

elbowmacaroni

Site Owner

Posts: 1354

Joined: Mon Nov 16, 2009 3:28 pm

Location: Florida

Post Tue May 10, 2011 11:15 pm

Re: Password Security for Noobs like me

Well, given enough time and processing power a dictionary attack is possible regardless of length.
"Cave ab homine unius libri" - Beware of anyone who has just one book

<<

sandman

Active Member

Posts: 352

Joined: Sun Aug 08, 2010 5:43 pm

Location: Texas

Post Tue May 10, 2011 11:20 pm

Re: Password Security for Noobs like me

thank you, i was unaware of that, i guess anything is possible given the processing power, but i should always consider that through either means of stupidity, or social engineering, my security can always be breached and nothing is 100% secure. thanks elbo
<<

Egeste

Familiar Face

Posts: 28

Joined: Fri Apr 08, 2011 4:24 pm

Location: San Mateo

Post Tue May 10, 2011 11:27 pm

Re: Password Security for Noobs like me

The official site for keepass (not "keypass") is http://keepass.info/

I wrote a blog about backing up your keypass database, and syncing it to your mobile device here on OSX. Also, http://www.egeste.net/2011/03/automatin ... -database/

You should look into automating backups for your keepass database in case you lose it or it gets corrupted. Also, saving your usernames/passwords in excel or word defeats the entire purpose of using keepass, as word/excel is not encrypted, where a keepass database is encrypted.
<<

Dopug

Familiar Face

Posts: 162

Joined: Thu Mar 24, 2011 9:55 am

Location: United kingdom

Post Wed May 11, 2011 1:15 am

Re: Password Security for Noobs like me

a program like keepass wouldn't protect you from things like keyloggers, would it?
<<

sandman

Active Member

Posts: 352

Joined: Sun Aug 08, 2010 5:43 pm

Location: Texas

Post Wed May 11, 2011 2:27 am

Re: Password Security for Noobs like me

i don't know, ask elbo or xeo

i guess it would depend on the keylogger, and when it was installed, the key pass is just a copy and paste, so it depends on the keylogger and what it's logging, but most should be recording what's on your clipboard. good question.
<<

xeo

Catministrator

Posts: 2180

Joined: Mon Jul 19, 2010 9:30 pm

Post Wed May 11, 2011 6:05 am

Re: Password Security for Noobs like me


<------ Serious cat is serious.

1. Use the longest password possible

2. Use a combination of uppercase, lowercase, numbers, and special characters (i.e. !@#$%^&*)

3. Do not use any words or numbers associated with personal information (i.e. birthdate, address)

4. Use a different password for EACH WEBSITE (do NOT make the passwords related)

5. DO NOT USE ANY PASSWORD STORING SERVICE (I don't fucking trust anyone)

6. Do not give your password out to ANYONE. Including your mom or wife.

7. Do not write your password down and leave it on your desk.

8. Do not listen to Egeste

9. When setting up 'secret questions', always use fake/false information, never use actual real answers. Add random letters and special characters. For example if the question is 'Where did you live as a child?' make the answer something like: fj2p34jifWRFG@_(F!JFEKWJ and you're good to go.

10. Do not use zigzag patterns on the keyboard like: 1qazxsw23edcvfr4 (There are password lists of every possible keyboard creative-zigzag combination)

11. DO NOT KEEP YOUR PASSWORDS STORED ON YOUR COMPUTER!!!!!!!!!!!!!!!!!

Examples of bad passwords:

balloon
password
sandman123
sandman1975
dildo2011
abc123
green173
sandman!
!sandman

Examples of good passwords:

jd@DKo49dfk0!!
jf3!FJ1F$@JGP#%9j
dj!_#FJ$Idsjf31p

Starting to get the picture...?




If you're worried about keyloggers (which is a completely separate issue), then I suggest having a thumbdrive bootable linux distribution which you use for online banking and other critical things. If you obey rule 4 and you're keylogged, your bank account won't be affected.
The code is hidden in the tumblers. One position opens the lock, another position opens one of these doors...
http://www.youtube.com/xeotech1

(ノಠ益ಠ)ノ彡┻━┻

<<

sandman

Active Member

Posts: 352

Joined: Sun Aug 08, 2010 5:43 pm

Location: Texas

Post Wed May 11, 2011 8:14 am

Re: Password Security for Noobs like me

how did you know i use 1975 as one of my fake birthdays?

i almost choked on my water when i read #8, you're fucking hilarious bro!
<<

Scrince

Familiar Face

Posts: 128

Joined: Thu Nov 04, 2010 1:25 am

Location: California

Post Sat Jun 25, 2011 2:47 am

Re: Password Security for Noobs like me

If you have a password that has 2 uppercase, 2 lowercase letters 2 numbers and 2 symbols the password automatically falls under the 256 aes encryption standard. If you know anything about aes 256 ots pretty inpossible to crack. Just giving you a tip so you dont have to encrypt all your passwords.

[EDIT - Elbow: Don't hold strong opinions about things which you do not understand, and don't give advice when you are just pulling it out of your ass like a neverending tapeworm. Thanks, and have a wonderful day :smile: ]
A spy is just a criminal with a government paycheck.....
<<

piotr

Contributor

Posts: 738

Joined: Thu Nov 25, 2010 3:59 am

Location: Victoria, Australia

Post Sat Jun 25, 2011 7:32 am

Re: Password Security for Noobs like me

Bigdipper08 wrote:If you have a password that has 2 uppercase, 2 lowercase letters 2 numbers and 2 symbols the password automatically falls under the 256 aes encryption standard.


What!? Advanced Encryption Standard (AES) specifies a symmetric block cipher cryptographic algorithm. The term "password" doesn't even appear in FIPS Publication 197. AES is not a standard for selecting passwords, it is a standard for implementing a particular cryptographic algorithm. A password with "2 uppercase, 2 lowercase letters 2 numbers and 2 symbols" has nothing substantive to do with AES (256 or otherwise).

Bigdipper08 wrote:If you know anything about aes 256 ots pretty inpossible to crack.


So you are suggesting that a password with "2 uppercase, 2 lowercase letters 2 numbers and 2 symbols" is "pretty i[m]possible to crack"? That is an ok password but it is far from impossible to crack. Actually, an 8-character password with the above constraints would be comparatively easy to brute force (that is compared to an 8-character pseudorandom password that can contain any number of characters from each of those sets). AES 256 may be hard/impossible to crack but a "password that has 2 uppercase, 2 lowercase letters 2 numbers and 2 symbols" has nothing to do with AES 256.

Bigdipper08 wrote:Just giving you a tip so you dont have to encrypt all your passwords.


This is a bad piece of advice that appears to be predicated on a fundamental misunderstanding of what comprises AES. AES has nothing to say about selecting your passwords, so let's set that aside. You are just offering a mundane password selection heuristic and (arbitrarily and erroneously) attaching "AES 256" to it. I don't know whether you are being dishonest or actually that severely mistaken. In any event you should know that there are many IT professionals on this forum so you can't just throw around jargon like "AES 256" without actually knowing what you are talking about.

The best (i.e. strongest) passwords are those that are (pseudo)random, are as long as the application will permit and comprised of all available characters. These would have to be kept in a password safe or some other encrypted form because they resist memorisation. Using passwords that merely consist of "2 uppercase, 2 lowercase letters 2 numbers and 2 symbols" will not give you the same degree of cryptographic strength.
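
Added example, not written by any poster in this thread: the comparison in the post above worked through as numbers, counting 8-character passwords that follow the "2 uppercase, 2 lowercase, 2 numbers, 2 symbols" rule against 8 characters drawn freely from the same sets, and how many random characters it takes to reach 256 bits. The 32 ASCII punctuation marks as the symbol set and all function names are assumptions of this example.

```python
import math
import secrets
import string

# Character classes; the 32 ASCII punctuation marks are an assumed symbol set.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())  # 94 printable ASCII characters


def unconstrained_count(length, alphabet_size=len(ALPHABET)):
    """Passwords of `length` where every position may be any character."""
    return alphabet_size ** length


def constrained_count(per_class, class_sizes):
    """Passwords with exactly `per_class` characters from each class."""
    length = per_class * len(class_sizes)
    # Multinomial coefficient: ways to decide which positions hold which class.
    layouts = math.factorial(length) // math.factorial(per_class) ** len(class_sizes)
    # Ways to fill the positions once the layout is fixed.
    fills = math.prod(size ** per_class for size in class_sizes)
    return layouts * fills


def bits(count):
    """Size of a search space expressed in bits (log base 2)."""
    return math.log2(count)


def length_for_bits(target_bits, alphabet_size=len(ALPHABET)):
    """Shortest uniformly random password with at least `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def random_password(length, alphabet=ALPHABET):
    """Uniformly random password drawn with the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    sizes = [len(chars) for chars in CLASSES.values()]
    rule = constrained_count(2, sizes)
    free = unconstrained_count(8)
    print(f"2+2+2+2 rule : {rule:.3e} passwords, {bits(rule):.1f} bits")
    print(f"any 8 chars  : {free:.3e} passwords, {bits(free):.1f} bits")
    print(f"ratio        : {free / rule:.0f}x")
    print(f"random chars needed for 256 bits: {length_for_bits(256)}")
    print(f"sample (constructed): {random_password(20)}")
```

The bit figures only hold when every character is chosen uniformly at random; a password a person picks to satisfy the rule has a far smaller effective search space.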
<<

xeo

Catministrator

Posts: 2180

Joined: Mon Jul 19, 2010 9:30 pm

Post Sat Jun 25, 2011 1:42 pm

Re: Password Security for Noobs like me

Bigdipper08 wrote:If you have a password that has 2 uppercase, 2 lowercase letters 2 numbers and 2 symbols the password automatically falls under the 256 aes encryption standard. If you know anything about aes 256 ots pretty inpossible to crack. Just giving you a tip so you dont have to encrypt all your passwords.



I really don't understand what you're talking about... are you talking about encrypting the AES symmetric key (either 128, 192 or 256 bit) using another cipher which requires a password? There is no 'password' for an AES256 encryption cipher other than the symmetric key block itself which by itself is very difficult to break. The "PASSWORD" for an AES256 cipher text would be a 32 character string of bytes (32 bytes times 8 bits = 256 bits).

Example AES256 key (ASCII, 32 bytes * 8 = 256): wpivcjF@(RV_(WE@C!fverjv35-09fj1

Example AES256 key in hexadecimal notation (64 characters * 4, 4 bits = 0x0 to 0xF): A36FE83FD1645A5DD3A9A4C76724749AD5281136B2AB1697AB5010E4CECAD2E7

The same rules would apply to this, don't use an idiotic string of characters for your public or private key.
<<

HallisChalmers

Lord Emeritus of Keypicking HallisChalmers

Posts: 2070

Joined: Mon Apr 28, 2008 2:46 pm

Location: Hell

Post Sat Jun 25, 2011 2:02 pm

Re: Password Security for Noobs like me

duh...hexa what?...english damn it...me no speako hexo.... :shock:
<<

xeo

Catministrator

Posts: 2180

Joined: Mon Jul 19, 2010 9:30 pm

Post Sat Jun 25, 2011 2:10 pm

Re: Password Security for Noobs like me

HallisChalmers wrote:duh...hexa what?...english damn it...me no speako hexo.... :shock:



Decimal is base 10... numbers 0 through 9.
Hexadecimal is base 16.... numbers 0 through F, F representing 16, or actually 15. It's a different way of counting.
Binary is base 2... 0 or 1
<<

james504

Familiar Face

Posts: 172

Joined: Sun Apr 10, 2011 8:25 pm

Location: houston

Post Sat Jun 25, 2011 2:56 pm

Re: Password Security for Noobs like me

WOW! .....lol
http://www.youtube.com/user/MsJames504
<<

MBI

Site Owner

Posts: 1545

Joined: Thu Apr 03, 2008 9:25 pm

Location: Utah, USA

Post Sat Jun 25, 2011 11:28 pm

Re: Password Security for Noobs like me

Bigdipper08 wrote:If you have a password that has 2 uppercase, 2 lowercase letters 2 numbers and 2 symbols the password automatically falls under the 256 aes encryption standard. If you know anything about aes 256 ots pretty inpossible to crack. Just giving you a tip so you dont have to encrypt all your passwords.

[EDIT - Elbow: Don't hold strong opinions about things which you do not understand, and don't give advice when you are just pulling it out of your ass like a neverending tapeworm. Thanks, and have a wonderful day :smile: ]


I actually lol'd. Sorry, but I did. Couldn't be helped.