
Best Password Manager?

It's not always useful to have a long password when that long password has a low entropy.

Write in C.


1 hour ago, Dat Guy said:

It's not always useful to have a long password when that long password has a low entropy.

Depending on how you're qualifying "long", it's generally difficult for a long password to have low entropy. 

 

For example, a 17 character mixed alpha password is only slightly weaker than a 15 character mixed alphanumeric w/ all special characters and punctuation. 

15" MBP TB

AMD 5800X | Gigabyte Aorus Master | EVGA 2060 KO Ultra | Define 7 || Blade Server: Intel 3570k | GD65 | Corsair C70 | 13TB


19 hours ago, Fulgrim said:

You don't need to pay for the Premium version of LastPass unless you use multiple devices. If you only use one pc, or one laptop then just use the free version.

But I'd also keep a hand written copy of your login info, and keep it safe somewhere.

This is wrong. I use LastPass on a number of devices, PCs and laptops (you do have to pay if you want to use it on Android), and I highly disagree with writing any password down.

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´


I've synced my passwords over 4 devices and am very happy with LastPass. I think I'm going to be using this forever.


On 7 Jun 2016 at 7:19 AM, Blade of Grass said:

See, now that's a bit of a waste. Most password hashing algorithms will truncate your password way before that. 

I would disagree.

(Good) Hash functions must meet some requirements. In short, those are:

- every hash must be fixed size for any input (eg. checksums when downloading 1MB application and 4GB ISO image have the same length if they use the same algorithm. Checksums use hash functions like MD5. MD5 is not secure but let's leave that for some other topic)

- there should be NO two exactly the same hashes for different inputs

- even the single bit change in the input should result in drastically changed output of the function

 

Also, hash functions are one-way functions. Good luck reconstructing a huge input string from a 40 character hash in the case of SHA1. And that's where we come to the point of using a 1024 character password. It would take a whole eternity to crack that one, because the only way to do it is brute force, and doing all the permutations just takes a huge amount of time. And when using salt it gets even worse for the attacker.

 


4 hours ago, Niksa said:

I would disagree.

(Good) Hash functions must meet some requirements. In short, those are:

- every hash must be fixed size for any input (eg. checksums when downloading 1MB application and 4GB ISO image have the same length if they use the same algorithm. Checksums use hash functions like MD5. MD5 is not secure but let's leave that for some other topic)

- there should be NO two exactly the same hashes for different inputs

- even the single bit change in the input should result in drastically changed output of the function

 

Also, hash functions are one-way functions. Good luck reconstructing a huge input string from a 40 character hash in the case of SHA1. And that's where we come to the point of using a 1024 character password. It would take a whole eternity to crack that one, because the only way to do it is brute force, and doing all the permutations just takes a huge amount of time. And when using salt it gets even worse for the attacker.

 

While these algorithms are designed to avoid this at all costs, overlaps do occur - the laws of mathematics require it.

 

Consider that you have some files.  In fact, you have every single different 4 GB file that could possibly exist.  If I'm not mistaken, that would be 1.png files, or in other words, enough to overflow the arbitrary precision library used by Maple.  Now consider how each of those could possibly be given a unique hash when the hash is only 20 bytes, or even 40, or 1024, or 10 million bytes long? Just pick a number; it doesn't really help ;)

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.
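The counting argument in the post above, as an added example that is not part of the thread: SHA-1 is cut down to 2 bytes so that a repeat appears after a few hundred inputs, and the same run measures how many output bits a one-bit input change flips. The `file-N` inputs and all function names are constructed for this illustration.

```python
import hashlib
from itertools import count


def truncated_sha1(data: bytes, nbytes: int) -> bytes:
    """SHA-1 digest cut to its first nbytes, so the output space is tiny."""
    return hashlib.sha1(data).digest()[:nbytes]


def first_collision(nbytes: int):
    """Hash constructed inputs b'file-0', b'file-1', ... until two of them
    share a truncated digest. Only 256**nbytes digests exist, so a repeat is
    guaranteed within 256**nbytes + 1 inputs (pigeonhole principle)."""
    seen = {}
    for i in count():
        msg = b"file-%d" % i
        tag = truncated_sha1(msg, nbytes)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


def surplus_bits(input_bytes: int, digest_bytes: int) -> int:
    """log2 of the average number of inputs of this exact size per digest."""
    return 8 * (input_bytes - digest_bytes)


def bits_changed(a: bytes, b: bytes) -> int:
    """Number of output bits that differ between the SHA-1 digests of a and b."""
    da, db = hashlib.sha1(a).digest(), hashlib.sha1(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


if __name__ == "__main__":
    a, b, tried = first_collision(2)
    print(f"{a!r} and {b!r} collide on 16 bits after {tried} inputs")
    print("full 20-byte digests still differ:",
          truncated_sha1(a, 20) != truncated_sha1(b, 20))
    # 'd' (0x64) and 'e' (0x65) differ in exactly one input bit
    print("one-bit input change flips", bits_changed(b"password", b"passwore"),
          "of 160 output bits")
    print("4 GiB files per 20-byte digest: about 2 **",
          surplus_bits(4 * 2**30, 20))
```
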


15 hours ago, Ryan_Vickers said:

While these algorithms are designed to avoid this at all costs, overlaps do occur - the laws of mathematics require it.

 

Consider that you have some files.  In fact, you have every single different 4 GB file that could possibly exist.  If I'm not mistaken, that would be 1.png files, or in other words, enough to overflow the arbitrary precision library used by Maple.  Now consider how each of those could possibly be given a unique hash when the hash is only 20 bytes, or even 40, or 1024, or 10 million bytes long? Just pick a number; it doesn't really help ;)

I agree, overlaps must exist when used as checksums for huge files, but for passwords - nope. Although an older algorithm like SHA-1 has a theoretical weakness, it is still considered relatively safe to use.

Also, funny thing is that in theory 2 eg. 4GB files would have to be radically different or exactly the same to have the same checksum.


The best way is the brain? Not agreeing with that; you can forget your password easily if you have dozens of different passwords.

 

Like one each for Gmail, PayPal, Linux root account, Linux normal account, GitHub account, SQL root, all kinds of SQL accounts because of different uses, etc.

 

The most secure way is your brain, but not the best way.

Quote or mention me if not feel ignored 


6 hours ago, Niksa said:

I agree, overlaps must exist when used as checksums for huge files, but for passwords - nope. Although an older algorithm like SHA-1 has a theoretical weakness, it is still considered relatively safe to use.

Also, funny thing is that in theory 2 eg. 4GB files would have to be radically different or exactly the same to have the same checksum.

Yeah, they should all work fine for passwords, as long as people aren't making passwords with more total bits of information than the hash itself; otherwise we get back to that file example :P 

And yeah that is funny xD but I guess the idea is they want to protect people from minor changes they might not immediately notice.  If the file was drastically different, it would probably just be corrupt, or at the very least would be obvious that something is wrong.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


On 6/10/2016 at 1:51 AM, Cruorzy said:

The best way is the brain? Not agreeing with that; you can forget your password easily if you have dozens of different passwords.

 

Like one each for Gmail, PayPal, Linux root account, Linux normal account, GitHub account, SQL root, all kinds of SQL accounts because of different uses, etc.

 

The most secure way is your brain, but not the best way.

I had my own way of using the URL (getting numbers and symbols) and mixing it with a pre-determined password.

 

Eventually I got tired and made my own Password Calculator (calculates the same password without storing anything, hopefully). So far it works; I use only 5 passwords in it and I only enter 2 fields, account and key.

For example, for linustechtips, if I use the password steve and want a 20 character password, I get 1k/]3?mp"Wq{C!s-zdS5.

The only problem with it is that sites such as Outlook do not allow certain special characters, so I need to eventually improve it.
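One way such a calculator can be built, as an added example that is not the poster's tool and does not reproduce its output: PBKDF2 turns the account and key into a seed, and rejection sampling maps that seed onto whatever alphabet a site accepts. The function names, the `version` parameter, the `.example` account names and the `RESTRICTED` alphabet are assumptions made for this illustration.

```python
import hashlib
import hmac
import string

# 94 printable symbols; RESTRICTED is a constructed stand-in for a site that
# rejects most punctuation (not any real site's published policy).
FULL = string.ascii_letters + string.digits + string.punctuation
RESTRICTED = string.ascii_letters + string.digits + "!#$%-_"


def _byte_stream(seed: bytes):
    """Endless deterministic bytes: HMAC-SHA256(seed, counter) blocks."""
    counter = 0
    while True:
        yield from hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1


def derive_password(account: str, key: str, length: int = 20,
                    alphabet: str = FULL, version: int = 1,
                    iterations: int = 200_000) -> str:
    """Recompute the same password from (account, key) with nothing stored."""
    if length < 1:
        raise ValueError("length must be at least 1")
    if not 2 <= len(alphabet) <= 256 or len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet must hold 2..256 distinct characters")
    # Slow KDF: anyone holding one derived password must pay this cost for
    # every guess at the key. The account name and version act as the salt.
    salt = f"{account}\x00{version}".encode()
    seed = hashlib.pbkdf2_hmac("sha256", key.encode(), salt, iterations, 32)
    # Rejection sampling: drop bytes >= limit so every symbol is equally
    # likely (a plain byte % len(alphabet) would favour the first symbols).
    limit = 256 - 256 % len(alphabet)
    chars = []
    for byte in _byte_stream(seed):
        if byte < limit:
            chars.append(alphabet[byte % len(alphabet)])
            if len(chars) == length:
                return "".join(chars)


if __name__ == "__main__":
    print(derive_password("forum.example", "constructed key"))
    print(derive_password("mail.example", "constructed key", alphabet=RESTRICTED))
    print(derive_password("forum.example", "constructed key", version=2))
```

Changing `version` rotates one site's password without changing the key; the alphabet and version chosen for each site still have to be remembered or noted somewhere.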

 

 
