|
my office is a big fan of the lastpass feature where you enter a new password and then it shows up for everyone but you for 10 minutes
|
#
?
Mar 10, 2017 00:27
|
|
|
|
| # ? May 17, 2024 04:08 |
|
|
fins posted:Also realised that some user's names that are redacted could be recovered from the copyright strings on this page: they redacted all person names not just the ones known to be cia: they chose false positives over false negatives. the three guys you can deanonymize from that page (they're mark adler, william lefebvre and jouni malinen btw) are only referenced there, and their user ids are sequential, suggesting they're a false positive and unrelated to cia (or at least, no relation can be proved from the leak alone)
|
|
#
?
Mar 10, 2017 00:51
|
|
|
El Mero Mero posted:What do people think of dashlane? Or is 100% of the game split between KeepAss, 1pass, and LastPass these days? this was the first one i ever used and i changed to lastpass because dashlane is clumsy
|
|
#
?
Mar 10, 2017 00:58
|
|
|
Plorkyeran posted:my typical experience with lastpass is that i try to log in, get an error about the browser plugin being out of date, try to update the browser plugin and have the installation fail, and then i just bother a coworker to give me the password instead the solution to that is to uninstall the plugin of course to download secret files you'll need to use the desktop client which is a whole nother dumpster fire experience there is usually launch app, log in, the app crashes silently, launch again, vault unlocks without prompting 
|
|
#
?
Mar 10, 2017 01:25
|
|
|
keep rear end x 
|
|
#
?
Mar 10, 2017 01:30
|
|
|
Rooney McNibnug posted:keep rear end x this ain't a password manager xxx
|
|
#
?
Mar 10, 2017 01:38
|
|
|
at work we use bitium and it's super weird because you go to a web portal and all the sites you want to use are "apps" and you click one and it does some browser magic and logs you in and redirects automatically and this just seems hella-terrible
|
|
#
?
Mar 10, 2017 01:39
|
|
|
sounds more like...shitium
|
|
#
?
Mar 10, 2017 01:59
|
|
|
yeah..... i use my BRAIN because i'm in mensa and above that
|
|
#
?
Mar 10, 2017 02:34
|
|
|
Rufus Ping posted:bit of a joke that 1p for android still doesnt support the new vault format unless you use it in conjunction with either dropbox or bonjour is the new vault format something I have to opt into? I signed up for 1password after all these things like v6 came into existence and i haven't noticed any issues, and i dont have a dropbox account. 1password owns in a big, big way btw
|
|
#
?
Mar 10, 2017 04:16
|
|
|
anthonypants posted:is 1password v6 on windows still garbage? nvm. discussion has moved on. Need to read through thread before replying. Proteus Jones fucked around with this message at 06:20 on Mar 10, 2017 |
|
#
?
Mar 10, 2017 06:15
|
|
|
im still using password safe with a local DB on an encrypted volume because it works for me. it would probably be convenient having browser integration or whatever
|
|
#
?
Mar 10, 2017 06:58
|
|
|
https://blog.codinghorror.com/password-rules-are-bullshit/ from the comments quote:Password managers are EVIL. The one time I tried to use one, it got hacked. Don't like being dependent on third party service. Of course managing unique strong password for every site is beyond human capabilities. I found my own solution: writing a password manager for myself. It's less than 20 lines of code and never stores anything - it just does mathematical calculations on list of words, then generates unique 30+ chars password. Brute forcing such password is next to impossible.
|
|
#
?
Mar 10, 2017 18:04
|
|
|
Fergus Mac Roich posted:is the new vault format something I have to opt into? I signed up for 1password after all these things like v6 came into existence and i haven't noticed any issues, and i dont have a dropbox account. i believe v6 uses the new format (opvault) by default if you sync with a pc/mac using dropbox or wifi sync it's fine the problem is if you use some other, filesystem-based syncing method (like syncthing or btsync or rsync or whatever). android 1p can't open opvault directly from disk. you need to use the old format (.agilekeychain) https://discussions.agilebits.com/discussion/67253/when-is-the-local-sync-for-opvault-coming
|
|
#
?
Mar 10, 2017 18:15
|
|
|
Shaggar posted:code signing is cool and good and its good for people to think about it even if its for silly poo poo like a text editor. it is but you also get things like http://colin.keigher.ca/2014/12/the-joke-behind-signed-sony-malware.html
|
|
#
?
Mar 10, 2017 18:35
|
|
|
CRIP EATIN BREAD posted:it is but you also get things like http://colin.keigher.ca/2014/12/the-joke-behind-signed-sony-malware.html kaspersky was so mad for that
|
|
#
?
Mar 10, 2017 19:48
|
|
|
The hacker known as yosposbithc
|
|
#
?
Mar 10, 2017 20:05
|
|
|
CRIP EATIN BREAD posted:it is but you also get things like http://colin.keigher.ca/2014/12/the-joke-behind-signed-sony-malware.html amazing
|
|
#
?
Mar 10, 2017 20:17
|
|
|
ate poo poo on live tv posted:The hacker known as yosposbithc it me
|
|
#
?
Mar 10, 2017 23:07
|
|
|
OSI bean dip posted:kaspersky was so mad for that they got completely bent out of shape for no reason, it was quite something
|
|
#
?
Mar 10, 2017 23:17
|
|
|
Rufus Ping posted:they got completely bent out of shape for no reason, it was quite something kaspersky is just a greythread regular
|
|
#
?
Mar 10, 2017 23:43
|
|
|
cinci zoo sniper posted:kaspersky is just a greythread regular lazorexplosion posted:Password chat: make a random alphanumeric string up, like IXfQi5. Every password you make will have this in it, and you'll remember it easily because you use it all the time. Then, to make each password unique, add a couple of english words to it that are associated with that particular use. So your SA password might be IXfQi5passwordgaysowhat, bank password IXfQi5imsopoor and so on. Easy to remember, unique for each use, strong, impossible to dictionary attack.
|
|
#
?
Mar 11, 2017 00:15
|
|
|
Cardboard Box A posted:I found his account Meh, I don't think that's the worst tbqh, even a weird custom algorithm that produces a long password given a small input is still better then nothing. It's basically a otp at that point anyway.
|
|
#
?
Mar 11, 2017 01:00
|
|
|
ate poo poo on live tv posted:Meh, I don't think that's the worst tbqh, even a weird custom algorithm that produces a long password given a small input is still better then nothing. It's basically a otp at that point anyway. Better than password reuse, worse than a password manager. To be honest there's so much password reuse and breaches tend to be so large that people don't go through the list of plain text passwords from multiple breaches trying to work out patterns between similar but different passwords, they just throw the whole list at various websites as is and ignore anything that doesn't work first try.
|
|
#
?
Mar 11, 2017 01:21
|
|
|
OSI bean dip posted:kaspersky was so mad for that lol i remember one of my colleagues being really pissed about this as well, because of all the "wasted time in the CERT community" owned bithc
|
|
#
?
Mar 11, 2017 01:36
|
|
|
ate poo poo on live tv posted:The hacker known as yosposbithc one day, long after our stupid gay forum is dead, a tear will glisten in my eye when i read a story about a republican being 0wned by a hacker called yosposbithc
|
|
#
?
Mar 11, 2017 01:50
|
|
|
homegrown crypto question: how bad is it if you can narrow down the range of possible values for the IV based on, say, the current date/time?
|
|
#
?
Mar 11, 2017 01:57
|
|
|
redleader posted:homegrown crypto question: how bad is it if you can narrow down the range of possible values for the IV based on, say, the current date/time? real bad
|
|
#
?
Mar 11, 2017 02:00
|
|
|
im wrong
Rufus Ping fucked around with this message at 03:16 on Mar 11, 2017 |
|
#
?
Mar 11, 2017 02:03
|
|
|
redleader posted:homegrown crypto question: how bad is it if you can narrow down the range of possible values for the IV based on, say, the current date/time? Depends on what you're using the IV for. For a lot of protocols, it doesn't matter if IVs are predictable, just that they're unique. Time-based IVs (or sequential IVs) may be suitable for these protocols. Although if an untrusted peer can initiate a conversation with an IV of their choice (even if they won't be able to understand what's in it) then they may be able to predict a "future" IV from a legitimate peer and force the subsequent legitimate future conversation to use a non-unique IV, which is generally pretty bad. In general, you want to not allow IVs to be chosen freely by clients for this reason.
|
|
#
?
Mar 11, 2017 02:08
|
|
|
Cardboard Box A posted:I found his account lazorexplosion posted:Firstly you would have to find a place that stores plain text passwords which almost never happens because virtually everyone these days knows to at least store passwords as hashes. Then you'd need to human-read all the passwords in the database looking for patterns to figure out, nobody does this because lol at actually reading 100,000 passwords instead of just feeding them to a bot. Then you'd need to recompute all your rainbow tables and doing that to try and get a chance of a single user's login is an insane amount of work when you can just use automated attacks that compromise the millions of accounts with fewwordenglishpassword by the thousand. 
|
|
#
?
Mar 11, 2017 02:20
|
|
|
redleader posted:homegrown crypto question: how bad is it if you can narrow down the range of possible values for the IV based on, say, the current date/time? ivs don't need to be secret, and with something like aes-ctr they're trivially predictable. they do however need to be unique, and the current date/time is something that an attacker may be able to control to force duplicates
|
|
#
?
Mar 11, 2017 02:59
|
|
|
Chalks posted:Better than password reuse, worse than a password manager. Right. Having your super secret password for a website being [non-unique salt]+websitename+[N repeating characters of padding] is still a solid password scheme for an individual. But yes, just use a password manager.
|
|
#
?
Mar 11, 2017 04:36
|
|
|
ate poo poo on live tv posted:Right. Having your super secret password for a website being [non-unique salt]+websitename+[N repeating characters of padding] is still a solid password scheme for an individual. But yes, just use a password manager.
|
|
#
?
Mar 11, 2017 05:01
|
|
|
"i have a really simple system: for banks and email and facebook i have good unique passwords that i remember. for everything else i just use the same password" i have an even simpler system: just use a password manager for everything
|
|
#
?
Mar 11, 2017 10:18
|
|
|
Wheany posted:"i have a really simple system: for banks and email and facebook i have good unique passwords that i remember. for everything else i just use the same password" now i just click once to keep rear end and it's cool, thanks thread
|
|
#
?
Mar 11, 2017 10:23
|
|
|
do you keep print outs of your passwords?
|
|
#
?
Mar 11, 2017 11:34
|
|
|
Shinku ABOOKEN posted:do you keep print outs of your passwords?
|
|
#
?
Mar 11, 2017 11:47
|
|
|
then what happens when your vault goes *poof*
|
|
#
?
Mar 11, 2017 11:58
|
|
|
|
| # ? May 17, 2024 04:08 |
|
|
Shinku ABOOKEN posted:then what happens when your vault goes *poof*
|
|
#
?
Mar 11, 2017 12:04
|
|