
Is this a secure way to generate passwords? SET /p password=Enter


Thread replies: 11
Thread images: 1

Is this a secure way to generate passwords?

SET /p password=Enter password#
SET /p rounds=Enter rounds#
php.exe -r "$password = '%password%'; for ($x = 0; $x <= %rounds%; $x++) {$password = hash('sha512', $password);} echo $password; echo PHP_EOL;"


So I have an easy to remember password like "cats" or whatever and then hash it an arbitrary number of times to generate a long password I can't remember. All I have to remember is the original easy password and the number of times it was hashed. An attacker would need to know both pieces of information to generate the real password. Good idea or is there a serious flaw in my thinking? Thanks for your help
>>
Rehashing is considered absolutely bad idea for security reasons, mainly because you might create hash collision problems in the future.
For now sha512 is safe to hash collision but since we are going to have quantum computers in a matter of years expect troubles.

In any case, hashing a hash is considered unsafe and not recommended.
>>
Adding: use HMAC instead or bcrypt since you are using php.
>>
Just generate random passwords consisting of 4096 Unicode characters and store them in an encrypted text file
>>
date | md5sum
>>
>>61692105
#!/bin/bash

if [ $# -ne 2 ]
then
echo "This script needs exactly 2 command-line arguments!"
exit 1
fi

echo $(echo -n "$1@$2" | sha3sum -a 512 | xxd -r -p | base64 -w0)

This is how I create my passwords, I would use pbkdf2 with sha3 and with like 2^16 iterations if it was easier to.

>>61692299
>Rehashing is considered absolutely bad idea for security reasons
Bullshit

>mainly because you might create hash collision problems in the future.
Wut

>For now sha512 is safe to hash collision
What the fuck is this supposed to mean?

>but since we are going to have quantum computers in a matter of years expect troubles.
Quantum computers won't magically break sha512.

>In any case, hashing a hash is considered unsafe and not recommended.
Yeah, no.

>>61692386
I would suggest to just take 512 bits from urandom and convert them to base64, however it would be somewhat difficult to keep that in your mind.

>and store them in an encrypted text file
You would need a way to encrypt that file.
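
Added example, not code from any poster in this thread: a Python comparison of the original iterated-SHA-512 scheme, the PBKDF2 variant with 2^16 iterations mentioned above, and the urandom-to-base64 suggestion. The function names, the use of the site name as salt, SHA-512 in place of SHA-3 for PBKDF2, and the dictionary and round-count sizes are assumptions made for illustration.

```python
import base64
import hashlib
import math
import secrets


def iterated_sha512(password: str, rounds: int) -> str:
    """The original scheme: SHA-512, then re-hash the hex digest.
    The posted PHP loop uses `$x <= rounds`, so it runs rounds + 1 times."""
    out = password
    for _ in range(rounds + 1):
        out = hashlib.sha512(out.encode()).hexdigest()
    return out


def guess_space_bits(candidate_words: int, max_rounds: int) -> float:
    """Upper bound, in bits, on what the word plus the round count keep secret.
    The 512-bit output length adds nothing: only these two inputs are unknown."""
    return math.log2(candidate_words * max_rounds)


def pbkdf2_site_password(master: str, site: str, iterations: int = 2**16) -> str:
    """Deterministic per-site password from PBKDF2-HMAC-SHA512.
    Assumption: the site name is the salt; the master must itself be strong."""
    dk = hashlib.pbkdf2_hmac("sha512", master.encode(), site.encode(),
                             iterations, dklen=32)
    return base64.b64encode(dk).decode()


def random_password(nbytes: int = 64) -> str:
    """512 bits from the OS CSPRNG, base64-encoded; must be stored, not recalled."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()


if __name__ == "__main__":
    # Constructed inputs: "cats" is the thread's example word, the rest is made up.
    print("iterated:", iterated_sha512("cats", 1000)[:32], "...")
    # Assumed sizes: a 2^17-word dictionary and round counts up to 2^10.
    print("secret bits at most:", guess_space_bits(2**17, 2**10))
    print("pbkdf2  :", pbkdf2_site_password("long constructed passphrase", "example.org"))
    print("random  :", random_password())
```

The second line of output is the point: a 128-character hex string derived from a dictionary word and a small counter carries about 27 bits of secrecy under these assumed sizes, while the random password carries the full 512.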
>>
>>61692105
I just smack my head onto the keyboard while tapping Shift spastically
>>
You want a password manager.
>>
>>61692105
>php.exe

LOL
>>
KeePass + SyncThing has done great for me. ¯\_(ツ)_/¯.
>>
generate a passage from the bible like Terry does with gw. get the first word and the last. example king + tithe. make your own password out of that. e.g. k1nGt1th3


This is a 4chan archive - all of the content originated from that site.