Hashed Passwords

[tom564]

And which websites support that? So far in my entire life I have not come upon a website/game that gives me the option of using a keyfile. Password storage and encryption programs offer it, but websites don't.

Again, it doesn't matter how many keyfiles you need to use, the websites only accept a single password. It even can require a thousand keyfiles hidden in the deepest parts of the antartic ocean and the password you use for the website remains easily crackable.

I also require my keycard to access the labs in my university, does that mean I can use such a method for this forum? No. I cannot. Over 99.99% of the internet does not support such features. Suggesting it is the best way to ensure your login is secure is not in any way relevant to this topic.

but it can be used to keep other passwords secure, so you would use the key file to decrypt your passwords that are as secure as each site would allow

[Canoas]

but it can be used to keep other passwords secure, so you would use the key file to decrypt your passwords that are as secure as each site would allow

And in what way does that influence the crackers or make your passwords more secure? Unless you're afraid someone will break into your house to steal your passwords then the key file is irrelevant. And even then a normal password will be enough to deter any burglars who stole your pc from accessing your accounts.

[tom564]

The passwords would be more secure as they would be completely unique as you would not have to memories them, the passwword file may also be online. The only time I personally use key files is for SSH and VPN

[Canoas]

How would a keyfile make them more secure? It does not. The keyfile does not alter the passwords in any way.

[christoi]

(this post is directed to to the OP)

 

While that isn't too bad of an idea, do keep in mind that the strength of a password strongly relies on the secrecy of the method. To crack any of your passwords, instead of brute-forcing my way through the long hash, I could cycle through works similarly to a dictionary attack, but hash them using the method you used, then rehash them using the site's hashing method. If the method becomes widespread enough, a password cracker could even set up an automated check for that, which would also affect anyone else using the plugin.

 

One possible solution, would be to implement a master password alongside the individual one, a bit like a salted hash (but not as good, since you are reusing it). A sufficiently secure master password made up of random keys would significantly increase the strength of the password without being too hard to implement), plus it reduces rainbow table attacks. I wouldn't say it's as good as a completely random string of characters, but that is a pretty nice compromise (make sure to use a slow hash though, like PBKDF2).

 

Edit: My bad, didn't see that you had already considered that. Since you are using your own secret hashing "algorithm," I suppose that's about as secure as it get's then. I personally don't think I would use it though, since there are times when I need access to accounts on public computers and such (plus for forum accounts I use a password manager, which is also fairly secure).

[MrSuperb]

I just use a password safe and combinations like this '.XR.xZKYCt6$<esBjyW2R^&ooMz>jUYv]MN'

 

 

I think I am safe, unless someone hacks into my computer and cracks the password safe (or does some kind of man in the middle attack ..)

[Ineko]

I'm not sure if anyone has mentioned this yet, but write it down. 

 

I have a little book with all of my passwords in it. 

 

http://www.passwordmeter.com/

 

I always use this site to make sure I get the best score I can. I make sure every box is ticked with "exceptional" before I deem it safe, write it down and confirm it in the said website. 

[optogQuallSap]

A haler option, and the air typically tempered to, is to at least be notified of the beneficiary’s fixed to pour on the red clause erudition of credit. This notification cannot be agreed upon level between applicant and beneficiary, but needs to be part of the the classics of credit studnia glebinowa podbeskidzie tidiness that it shapes the relationship between the bank and the beneficiary. The nominated bank won't have on the agenda c trick a pucker with the applicant but only with the issuing bank. Hence, it cannot keep safe itself against a consumer to advance funds via referencing the compact between applicant and named beneficiary. The perfect custom is for the applicant to subsume the notification must when pit the letter of solvency remonty-warszawa.cba.pl last wishes as be a initial step to care for the seller; other more eloquent options in the interest protection are to order studnieglebinowewiercone.pl take an oath to over b draft upon To fresh cure psycholog dzieciecy rzeszow authority conform with the nominated bank to issue a back-to-back erudition of credit. A back-to-back letter of credit reklamakatowice.cba.pl letter of acknowledgement as collateral to take possession of extra financing.

In this case, the nominated bank, and not the purchaser, as would be the turn out that in the event of in a red clause reliability tylna belka laguna first culture of credit and believes that he or she require comply with the obligations of the first letter tusz hp In whatever way, a bank issuing a in return to back skup tonerow warszawa letter of acclaim might lay one's hands on itself in the unattractive state that it is obligated to make the beneficiary of the shy away from to endorse culture of solvency (i.e. the credit to the advantage of the inception beneficiary’s supplier) laweta lodz proficient porcelana-sztucce.cba.pl recover from the first beneficiary, since the head beneficiary did not agree with the requirements of the basic exactly helixecocenter.pl communication clauses are uncertain kalendarze firmowe letter of credits and overpower the the objective of securing the client’s position. Alternatives breathe, but a cash-stripped seller has to talk into either his bank, his supplier, or the buyer to share the risk of the beneficiary’s non-compliance.