If two websites hash my password using MD5, will they get

post your password and i'll tell you

>>60986990
If neither site uses a salt, then yes.

>>60986990

With MD5? Yes. Its not a system with a built in salt or pepper.

You can literally go on some websites and test some hashes with MD5, they will be the same hashes you'll get using them on your server.

>>60986990
No.

>What is salt XD
https://en.wikipedia.org/wiki/Salt_(cryptography)

>>60987327
if any website is dumb enough to still use md5 i kinda doubt theyre smart enough to salt their passwords

>>60986990
>not using 10000 iteration sha-1 +salt
what in the world

>>60987341
According to haveibeenpwned.com the MD5 hash of my main password is in the wild, not salted.

echo -n "yes" | md5sum

>>60987361
pajeets (and other tech-incompetent people) reading php tutorials from the early 2000s

>>60987397
to add to this, this is why not using the same password on multiple sites is so important.

Your password might have a billion bits of entropy, but ultimately you're trusting someone you don't know on the other side to have proper security.

Proper security is hard.

Human beings are bad at doing hard things, bad at doing things properly, and particularly bad at doing hard things properly.

>>60987365
>search my address
>prolapse and extreme fisting site listed
o fuk is this the ultimate way of finding out what kind of shit your friends and co-workers get up to in their spare time

File: 5coZR7.gif (1MB, 247x275px) Image search: [Google]

1MB, 247x275px

>>60987411
remembering 1597 passwords is one of these hard things so what are we supposed to do? put them all in one password manager website and wait for it to be breached with all passwords at once?

>>60987459
write your own you fukin dingus

>>60987459
>remembering 1597 passwords is one of these hard things so what are we supposed to do?
password manager

>put them all in one password manager website and wait for it to be breached with all passwords at once?

Don't use an online one, clearly. Keepass works perfectly, and is as secure as you want it to be.

You can keep the encrypted file on a thumbdrive stuck up your arse if you want, with the keyfile to open it on a thumbdrive up your boyfriend's arse too.

You can have it run a fucking http server with browser integrations or you can have it only unlocked when you're manually viewing a password on an air-gapped machine.

don't be dumb

>>60987506
>run an executable that calls Keeppass.exe::DecryptPasswords

>all passes gone.

>>60987511
If you allow malware on your machine all bets are off, you're being dumb.

>>60987518
what is chrome/firefox 0days

>>60987511
also
>>run an executable that calls Keeppass.exe::DecryptPasswords
belies a huge lack of understanding of how keepass actually works.

>>60987523
Don't keep your password file unlocked in memory. As I said, if you're super paranoid you can have it on an air-gapped machine with no access to any other digital device.

All of the things you suggest are still a risk if you don't use a password manager. If malware or a 0 day exploit to the browser occurs, they can make your machine accept whatever ssl certs they want, they can intercept and decrypt any network traffic and get your passwords that way.

Using a password manager doesn't pretend to help against any of that, what it does help against is re-use of that compromised password on huge amounts of accounts.

Or you know what, just keep using the same one password for your gmail, web banking, credit card, and furaffinity accounts. It's cool.

>>60987459
write them down on a piece of paper :^)

>>60986990
they usually add some "salt" to the password (some extra strings), so with different salts they get different results.