Key management

Thread replies: 99
Thread images: 5

File: 1486598673285.jpg (75KB, 926x936px)
How do you manage your passwords? I do
$ echo -n "20-char-masterpass@service-or-site-name" | sha3sum -a 256 | xxd -r -p | base64
>>
>>60966626
w2c sweater
>>
>>60966626
so you hash your password to never use it again?
>>
>>60966626
Keepass
>>
Master Password.

The password manager for the master race.
>>
>>60966805
No, I pass the output to the password field of the site.
>>
>>60966626
I just fucking remember them because I'm not a brainlet
>>
>>60966936
Are you able to remember multiple secure 20+char passwords and for which site each one is for?
>>
>>60966945
Yes
I use the correct horse battery staple method + adding in random special chars in random places
I usually make each one unique and try to make it something funny so that I usually remember them very well
>>
>>60966626
brain
>>
Why was I just promoted?
>>
>>60966986
you are retard
modern dictionary attacks can crack you're retarded password very quickly
>>
>>60966626
hey thrice
>>
>>60967109
No they can't
>>
>>60967109
>adding in random special chars in random places
Reading is hard
On top of that I don't just use English in them
>>
>>60967170
>>60967183
yes they can retard
>>
>>60967192
Ok then. Tell me which dictionary you would use and OP can tell us how long it would take to run for his password.
>>
>>60967208
that's classified
>>
>>60967208
How many words does his password have?
>>
>>60967222
We don't know, that's not part of the information available to an attacker
>>
>>60967233
lol
>>
>>60967222
I'll give you some info on one
5 words, one of which is spelled wrong, 2 of them have some letters replaced by symbols, and random symbols placed in between words
>>
>>60967109
only if it's very few words and no special characters. Good luck cracking a 14 word password.
>>
>>60967269
That is also just one of my passwords that is English only
>>
>>60967233
Ok, assuming no random characters in random places then it would be dictionary_words^total_number_of_words
>>
>>60967273
>14 word password with 3 random characters
this is equivalent to a 15 character normal password
>>
>>60967109
>can crack you're retarded password very quickly
American education
>>
>>60967109
bruce schneier's post about "dictionary attacks" on correct horse battery staple was 100% wrong, idiotic, and cost me most of my faith in him. knowledge of the dictionary does not decrease the entropy of the password.
>>
>>60967299
Only if you're using unicode characters. There are literally millions of possible words and 52 letters in the English alphabet.
>>
>>60967221
>i dont know shit so i say random shit
>please provide evidence anon
>it's a sekrit
LEL
>>
>>60967109
>>60967192
According to howsecureismypassword dot net (I didn't put in my real password obv. Just a close facsimile) it would take "2 DUODECILLION YEARS" to crack
>>
>>60967328
that does not count for dictionary attacks
>>
>>60967328
According to howsecureismypassword dot net
"passwordpassword" would take 35 thousand years to crack.
>>
>>60967307
you're actually the dumb one
>>
>>60967362
>>60967371
rip
So what's a better way to calculate it taking into account dictionary attacks?
>>
>>60967307
There are many things that should have cost you your faith in him even excluding that.
>>
>>60967371
>"passwordpassword" would take 35 thousand years to crack.
This is retarded, it would only be 26^16 which is almost 2^75, trivially crackable in the hands of the NSA.
>>
>>60967469
>26^16
wrong
>>
Anyone use pass? I think that's what I'll move to soon. But then I have to worry about securing my gpg keys.
>>60967307
but you're literally wrong, entropy is reduced compared to an equivalently long random password. If one can assume a given password contains only dictionary words, the search space is greatly reduced. The only bit-for-bit strong passwords are those that are random, such as those generated by pwgen, or any other random string of chars seeded from /dev/urandom.
>>
>>60967495
>compared to an equivalently long random password
But it isn't compared to that
>>
>>60967478
26 characters in the English alphabet, 16 characters in the string
>>
>>60967514
what about numbers and punctuation etc
>>
>>60967522
It does not contain any.
>>
>>60967537
lol
>>
>>60967511
>knowledge of the dictionary does not decrease the entropy of the password
If you use dictionary passwords, or non-random passwords in general, the entropy is reduced across the board. You always compare to the best-case scenario, especially when the best case scenario is what you should be using. So why are you talking about weak passwords, with weak entropy, when you can use pwgen or similar and measure entropy per bit, and not per dictionary word?
>>
>>60966626
you mean all your passwords are sitting in your bash history? get rekt (i'll rek u)
>>
>>60967571
My hard drive is encrypted.
>>
>>60967566
Because nobody actually uses those in the real world and it's them we need to teach. Good luck teaching your grandma how to use Keepass for a website that doesn't allow copy and pasting passwords.
>>
>>60967596
>for a website that doesn't allow copy and pasting passwords.
Is that a thing? I would not know as I have dom copypaste events disabled.
>>
>>60967589
Except when it isn't, and it's sitting plaintext readable to any and all applications malicious or not.
>>
>>60967589
But how do you remember the encryption password?
Checkmate atheists
>>
>>60967633
>Except when it isn't
It is all the time.

>and it's sitting plaintext readable to any and all applications
I execute potentially vulnerable applications like firefox as a different user.

>malicious or not.
I only use foss applications.
>>
>>60967495
>If one can assume
Based on what? What would allow that assumption to begin with?

>only dictionary words
So any misspelling, added characters, camel casing, etc, invalidates your point
>>
>>60967596
>strawman
How is this relevant to anything I've said? Your retarded grandma can go fuck herself.
>>60967888
>Based on what? What would allow that assumption to begin with?
Based on common user-chosen password traits, and based on reducing the potential search space for a brute-force attack.
>invalidates your point
No, your ignorance invalidates your post. Common traits like you describe, e.g. character substitution as in p@ssword, are easily accounted for at the cost of little increased search space. And regardless of assumptions, a random password has maximum potential entropy, while everything else, diceware included, has less.
>>
keepass
any other answer is wrong and the poster retarded.
>>
>>60968035
Enjoy your backdoor
>>
>>60968043
Fucking imbecile.
>>
>>60968035
>not using pass
>not retarded
Pick one.
>>
>>60968086
Idiot. Kill yourself.
>>
>>60967371
Except "passwordpassword" is going to be one of the first things being tried, along with every other retarded normie password.
>>
I keep my passwords on a gnu/hurd partition, they get so disgusted no one wants to touch them
>>
>>60967589
any program running as your user can see your history
>>
>>60967571
>>60966626
hahahahahaha
tfw when you know enough about technology that it actually makes everything work less

other examples: pacman, making google searches, arch linux,
>>
File: 1467554064264.png (52KB, 1376x747px)
>>60966626
I use the password generator that comes with Keepassx.
>>
>>60967571
$ grep -i histcontrol ~/.bashrc
HISTCONTROL='ignoreboth:erasedups';
export HISTCONTROL;
>>
>>60968270
Pacman is much better than apt though
>>
>>60968555
You could say it's more apt than apt.
I'll see myself out.
>>
>>60968567
>knowing Japanese
How much of a weeb are you?
>>
>>60967299
>14 words with garbage characters
>equivalent to 14 regular dictionary words
>14 regular words
>equivalent to 14 characters
If the password is in roman letters then that's at least 2 attempts per character due to casing, when applied to a word that grows exponentially.

A (character) = 2 attempts
aA (word) = 4 attempts
aAa (word) = 8 attempts

aaa
Aaa
AAa
AAA
aAA
aaA
aAa
AaA
>>
pass with git
https://www.passwordstore.org/
>>
>>60967537
This better be a joke. If you knew what the password contains then you wouldn't be using brute force. Even though it doesn't have any you still have to search for them because obviously you don't know if it contains them or not. The only exception is when you know where the password is used and only then can you make assumptions based on allowed characters and length.
>>
>>60968548
Thank you, you've taught me something very important today
>>
>>60968635
Who stops the NSA from doing a brute force on lowercase-only characters while they do a brute force on all of ascii at the same time?
Nobody
>>
>>60967469
The amount of years it takes to brute-force it depends on what character set the attacker is using. For example, it would be a lot faster if he somehow only used {p, a, s, w, o, r, d} than if he used {A..Z, a..z, 0..9}. And it would also be faster if he knew the length of the password.
And it would be faster if he did it in a parallel way across many computers.
You can't make vague generalizations like that.
>>
>>60967307
the whole point of correct horse battery staple is that it's
1: easy to remember
and 2: still provides a tolerable level of security

because the entropy calculation from the xkcd strip assumes the cracker has the dictionary you generated your password with and knows that your password is just four randomly selected words from it
a truly random password of the same length with alphanumeric characters and punctuation would be obscenely stronger, but the whole point is that it's not memorable and you're just going to end up writing it down somewhere
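The entropy figures argued over in this thread can be worked through directly. The following is an added example, not part of any post: it assumes the attacker knows the generation scheme and the dictionary, that every word or character is picked uniformly at random, and it uses the 2,048-word list behind the xkcd strip's 44-bit figure, the 7,776-word Diceware list and an assumed guess rate.

```python
import math
import secrets

def bits_random_chars(alphabet_size, length):
    """Entropy of `length` characters drawn uniformly from an alphabet."""
    return length * math.log2(alphabet_size)

def bits_passphrase(dictionary_size, words):
    """Entropy of `words` words drawn uniformly from a dictionary the attacker also holds."""
    return words * math.log2(dictionary_size)

def words_needed(dictionary_size, target_bits):
    """Fewest random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(dictionary_size))

def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try the whole keyspace at a given (assumed) guess rate."""
    return 2 ** bits / guesses_per_second

def generate_passphrase(wordlist, words):
    """The figures above only hold if a CSPRNG picks the words, not the user."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))

def thread_cases():
    """Bits of entropy for the schemes quoted in the thread."""
    return {
        "16 random lowercase letters (26^16)": bits_random_chars(26, 16),
        "16 random printable ASCII (95^16)": bits_random_chars(95, 16),
        "4 words from a 2,048-word list": bits_passphrase(2048, 4),
        "4 words from a 200,000-word list": bits_passphrase(200_000, 4),
    }

if __name__ == "__main__":
    for name, bits in thread_cases().items():
        print(f"{name:40s} {bits:6.1f} bits")
    # Diceware words needed to match 16 random lowercase letters.
    print("Diceware words for 26^16:", words_needed(7776, bits_random_chars(26, 16)))
    # Constructed 8-word sample list; a real list has thousands of entries.
    sample = ["anchor", "biscuit", "copper", "dune", "ember", "fjord", "gravel", "hollow"]
    print(generate_passphrase(sample, 4), "->", bits_passphrase(len(sample), 4), "bits")
```

None of these numbers apply to a password a person chose, such as "passwordpassword", because the formulas assume uniform random selection.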
>>
>>60966922
That's actually a pretty sweet idea. I like it.
>>
>>60967109
No they can't.
In fact long and obscure passwords with random words and patterns aren't easy to crack because you have to program what the dictionary should check, what patterns are common, and so on.
>>
>>60966626
>20-char-masterpass@service-or-site-name
basically that same thing but no hashing
and instead of the site name i use corruptions of the name that aren't very clever, like peepal and fleabay
>>
>>60966922
I love this concept. I've improved your script a little bit. This would make a great alias.

unset input; read -r -p "Input: " input; echo -n "$input" | openssl dgst -whirlpool -binary | base64 | head -c 8; echo \!\_; unset input
>>
File: 1488576614448.png (355KB, 810x710px)
>>60966626
the only correct way
>>
File: Lastpass sure knows their stuff.jpg (64KB, 1145x736px)
>>60967328
>>60967371
>>60967469
>>60968116
I decided to try out a few passwords I generated but noticed Lastpass offered something similar.

I put in a joke answer and here is the result.
>>
>>60966626
Pen and paper.
>>
>>60970773
(with added salt) :^)

unset input; read -r -p "Input: " input; echo -n "$input" saltycum69 | openssl dgst -whirlpool -binary | base64 | head -c 8; echo \!\_; unset input
>>
>>60967109
How big should the dictionary be?
4 random words from a 200,000 word dictionary is a LOT of entropy.

"the eat house sandwich" will get cracked quickly, but "Fornication revolution obsolution crunk" will never get cracked.
>>
>>60970798
Final print. sends the output to the clipboard.

unset input; read -r -s -p "Key please.." input; echo; echo -n "$input" RbZYAwGnbzfYh | openssl dgst -whirlpool -binary | base64 | head -c 8 | xargs -0 printf "%s" \#\1 | xclip -selection c; unset input
>>
>>60970967
don't you think it should be 16 characters instead of only 8?
>>
>>60970999
Well, make yours 16 then. Some sites don't allow 16 char passwords, it's 10 chars btw. added "#1" at the beginning for those sites that require special + number (for the times the first 8 base64 chars don't have any specials or numbers.)
>>
>>60967109
>calls other people retards
>you're password
>you're
>>
>>60971060
ah yeah, I missed the "#1". but hey, don't need to get defensive, I was just pointing out the low character count (at least when it was 8) since we are talking about security here. thanks for your excellent work anon
>>
File: feh_004083_000002_april-003_0140.jpg (140KB, 1400x940px)
>>60971102
Sorry, didn't intend to come off as defensive, my bad. Just gotta change the 8 to a 14 :)
>>
>>60971078
>>60967305
shit it's summer already
>>
>>60971127
np. I changed mine to 12 and added an extra special character and number. one other thing I wanted to point out too just as a fyi, the "#1" as you know is being added to the start but some sites require a password to start with a letter. just keep that in mind
>>
>>60971186
Good point, yeah I guess it's probably best to just make it as flexible as possible right from the start before using it too much. I assigned a hotkey for it in xfce4. Then I added a 10 second timer to the end of the script that overwrites the clipboard automatically. This shit is definitely going to come in handy.

unset input; read -r -s -p "Key please.." input; echo; echo -n "$input" RbZYAwGnbzfYh | openssl dgst -whirlpool -binary | base64 | head -c 14 | xargs -0 printf "%s" \#\1 | xclip -selection c; unset input; sleep 10; echo 1 | xclip -selection c

I'm thinking this could actually be a great model for mobile password management apps. Just storing the seeds and a master salt instead of the passwords themselves. Neat lightweight obfuscation.
>>
just use a password manager ya dumb niggas
>>
>>60971254
you could do this instead: printf "%s#1"
that way the generated password comes before the "#1", and hopefully it's not a number. otherwise you can just remember to add a letter to it to make it acceptable, say the first letter of the site/service
>>
>>60971662
"a%s#1"
>>
>>60971800
I thought about that but that just adds another static character to the password along with the ending "#1". I mean really at that point I'm just being paranoid I suppose haha
>>
>>60971856
16^65 is a BIG key space ! :p
>>
>>60966626
Similar to what you have, but I use bcrypt instead of sha3sum. Domain name as the salt and password as the password.
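The derive-from-master-password scheme discussed throughout the thread, as an added example that is not any poster's code. It swaps the single fast hash for PBKDF2-HMAC-SHA256 from the Python standard library (standing in for the bcrypt idea in the last post), reads the master password with getpass so it never lands in shell history, and meets site policies by drawing from every character class instead of appending a static "#1"; the symbol set, the rotation counter and the iteration count are assumptions.

```python
import getpass
import hashlib
import string

# Character classes a typical site policy asks for (symbol set is an assumption).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%&*+-=?@_"]
ALPHABET = "".join(CLASSES)

def _draw(stream, n):
    """Uniform integer in [0, n) from a byte iterator; rejection sampling avoids modulo bias."""
    limit = 256 - (256 % n)
    for byte in stream:
        if byte < limit:
            return byte % n
    raise ValueError("key stream exhausted")

def derive_password(master, site, length=16, counter=1, iterations=600_000):
    """Deterministic per-site password: slow KDF first, then map bytes onto the policy alphabet."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    # The site name (plus a hypothetical rotation counter) acts as the salt.
    salt = f"{site.lower()}:{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations, dklen=32)
    stream = iter(hashlib.shake_256(key).digest(8 * length))
    # One character from each class, then the rest from the full alphabet.
    chars = [cls[_draw(stream, len(cls))] for cls in CLASSES]
    chars += [ALPHABET[_draw(stream, len(ALPHABET))] for _ in range(length - len(CLASSES))]
    # Fisher-Yates shuffle so the required classes do not sit at fixed positions.
    for i in range(len(chars) - 1, 0, -1):
        j = _draw(stream, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

if __name__ == "__main__":
    # getpass keeps the master password out of argv and shell history.
    master = getpass.getpass("Master password: ")
    print(derive_password(master, input("Site: ")))
```

Every derived password is still only as strong as the master password: anyone who captures one site's output can test master-password guesses offline, which is why the slow KDF matters here.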
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.