Thread replies: 42
Thread images: 6
Thread images: 6
How much of a bad idea is to store all my passwords in an encrypted text file? :^)
> encrypted
note that it's encrypted :^)
I think it's much better than using password botnet managers.
>>
>using the smiley with a carat nose
>>
I use a piece of paper and a pencil.
>>
File: 1439052189023.gif (89KB, 256x256px) Image search:
[Google]
89KB, 256x256px
>>52457963
>>
How are you encrypting it? It seems that passwords encrypted woth 2048 bit PGP would be fairly safe.
Personally, I keep mine in on Seahorse in a VM on Qubes that has no network access.
>>
File: doppelpunkt groesser als klammer zu.gif (2MB, 500x500px) Image search:
[Google]
2MB, 500x500px
>>52457963
>>52457979
>>
http://www.passwordstore.org
>>
>>52457999
>groesser als
>implying ^ is the same thing as <
Which retard made this picture?
>>
File: Advanced Attributes.png (32KB, 425x331px) Image search:
[Google]
32KB, 425x331px
>>52457995
>>
>>52458035
You are mom
>>
>>52457902 I would like to encrypt her, if you know what I mean.
>>
>>52458038
>trusting windows with your keys
>>
>>52458035
,,
>
u
>>
>>52458053
Yeah I know, but for this purpose I think it's safe enough. No person is going to be able to see its contents besides me even if they manage to somehow get their hands on that file.
>>
>>52458053
>implying there's any point in not trusting Windows when they control your computer from the kernel up
>>
>>52458075
>because nobody ever finds bugs in windows
You can't even be mad if your shit gets rekt.
>>
>>52458105
It's the only encrypted file in my PC. I don't think installing a separate encryption program for this purpose would make so much sense..
>>
>>52458152
But the file contains ever password, why would you trust windows to hold that key?
>>
:L or :V
>>
just use keepass or pass.
>>
who is this fluid druid?
>>
>>52458038
Trusting windows is worse than trusting those "botnet" password managers mentiined in the OP. Many of those managers are open source and by far the best option behind fairly knowledgeable people doing it themselves
>>
>>52458403
Well, I kind of trust Windows (7) to hold all my files..
>>52458442
None :^)
>>52458462
No
>>52458483
Amy Green, apparently
>>52458523
Yeah, I just can't trust all this "cloud syncing".
>>
>>52458969
>trust Windows
alright, stay in your neat little bubble, don't want to try popping it anymore.
>>
>>52457902
>using the smiley with a carat nose
>>
>>52458048
I want to encrypt her ass with my cock
>>
>>52458062
..
>
\__/
>>
>>52458969
>Yeah, I just can't trust all this "cloud syncing".
That's fair. Typically the encryption/decryption is done on your end and the encrypted data is stored on the cloud, meaning nobody can really do anything with it without your key, which is stored purely on your end. You can't always be 100% for sure, however, and there are password managers without any online connectivity
>>
What's wrong with KeePass? It's all local and it's open source, which I'm guessing is one of the reasons you would be trusting GnuPG (or whatever software) to do your encryption/decryption.
>>
>>52460483
There was a recent bug found in keepassX that circumvented encryption. Using these purpose-built encryption programs just increases your attack surface, with the only benefit being that it gives you a
GUI. GPG is tried and true.
The same is true for
>>52460420. Also, there was a critical bug found in a popular cloud password manager akin to KeePass, I forget the name of it though.
>>
>>52457902
just write them down on paper you dunkass
>>
>>52457902
It's basically the same thing as using a password manager, so it's just as much of a bad idea as using a password manager.
>>
>Manual encryption
It's tedious, mate. You should try a real password manager (non-cloud) with 2FA, like Password Safe + YubiKey
>>
>>52457902
Pretty bad but convenient. If convenience is that important to you, you can buy professional service for this.
>>
You do realize that when you open that encrypted text file, it dumps all your passwords into memory right? Any of the processes running on your PC can grab those.
>>
>>52460933
if you think decrypting and piping your passwords to vim or another text editor is more secure than keepass, you're wrong. a password manager offers more than a simple gui
http://keepass.info/help/base/security.html
unless you know what you're doing (judging from op, you don't), stick with tried and true software
>There was a recent bug found in keepassX that circumvented encryption.
if you're talking about keefarce, that only works in a situation where you'd be able to copy the password anyway. using gpg wouldn't protect you from a similar attack
>>
im gonna print mine out and put them with my important documents. how dumb am I, jee. will cybercriminals intercept my print? have they already stolen the files from my desktop?
>>
Look you retards, if you're running any password manager on windows it's ultimately going to use windows cryptoAPI anyway, which is the same as what will be used to store the password on the encrypted file. If you have a password manager that doesn't use crypto API, it'll have to decrypt and encrypt your key in userspace memory which would be trivially easy for someone to get to with access to your box.
The only exception would be those cloud-based password managers which none of you would touch anyway because of botnet meme.
>>
>>52457902
Mine's not even encrypted
>>
>>52463938
Look at the memory protection section- it uses DPAPI (read: Windows CryptoAPI). LE TRUSTING YOUR PASSWORDS WITH WINDOWS MEME. God I'm mad.
>>
>>52464301
>what is writing by hand
ive been using that method for 15 years. botnet cant touch something thats not networked or stored digitally
Thread posts: 42
Thread images: 6
Thread images: 6