Author Topic: Choosing a password manager--advice needed  (Read 13199 times)

wanderin1

  • 5 O'Clock Shadow
  • *
  • Posts: 61
Choosing a password manager--advice needed
« on: May 07, 2017, 04:42:39 PM »
Thinking about using a password manager to handle my ever-growing number of online accounts. My research so far has turned up a mixed bag. Features on the popular managers like Dashlane, 1Password and Lastpass sound great. But all of these companies have experienced their own serious data breaches.

Do you use a password manager? Why or why not? And if you do, which one do you use?

Thanks!


Password manager basic info examples:
http://www.consumerreports.org/digital-security/everything-you-need-to-know-about-password-managers/
http://www.pcmag.com/article2/0,2817,2407168,00.asp
http://www.telegraph.co.uk/technology/0/safe-use-password-manager/

katsiki

  • Handlebar Stache
  • *****
  • Posts: 1831
  • Age: 41
  • Location: La.
Re: Choosing a password manager--advice needed
« Reply #1 on: May 07, 2017, 05:12:36 PM »
Check out KeePass v2.

It stores the database locally.

ND

  • 5 O'Clock Shadow
  • *
  • Posts: 17
Re: Choosing a password manager--advice needed
« Reply #2 on: May 07, 2017, 05:23:52 PM »
Keepass v2

The last time I tried Lastpass, it loaded all my profiles by default, which I did not like.  Keepass can load multiple databases at once, so I can keep a separate database for just my financial and social media stuff.  You can change the filetype of your Keepass database to whatever you want, and Keepass will still open it.  Security through obscurity, FTW :)
« Last Edit: May 07, 2017, 05:26:07 PM by ND »

lifeanon269

  • Bristles
  • ***
  • Posts: 489
Re: Choosing a password manager--advice needed
« Reply #3 on: May 08, 2017, 07:59:48 AM »
I am an information security professional, so I'll offer some advice and my opinion. Personally, I don't use any password manager that uses reversible encryption. That's not to say that reversible encryption itself isn't secure, but that many online password safes simply don't secure their systems enough to guarantee your password's safety. Keepass is a good offline password safe, but again, it uses reversible encryption and there are better ways to manage different passwords across multiple websites in my opinion.

I use cryptographic hashing encryption which is one-way encryption to manage my passwords. I only need to remember one master password for all my websites and a unique complex and long password can be generated from that one master password. The idea behind it is to take that one master password that you remember, hash it with a tag or domain name that you are going to use the password for, and then a unique complex password is generated for that website. You can now have an infinite number of unique passwords generated from one master password that can be used to register on all your websites. The unique passwords will always be the same as long as you always use the same master password and tag/domain name. What makes this secure is that the passwords that are generated are never stored anywhere. Even if the algorithm that is used to generate the password is stolen, your passwords are safe. You never have to worry about an encrypted password safe file getting lost or stolen. As long as you can remember that one master password and keep it safe (in your head), your passwords will always be 100% safe.

I created my own utility to generate these complex passwords, but there are also online versions that utilize this same concept. One example of this concept is here:

https://www.guerrillamail.com/tools

Just put in a domain name (for example, amazon.com), then enter your master password and it will then generate a complex password for you to use for your amazon.com account (as an example). The password it generates will always be the same as long as you always enter "amazon.com" and your master password for those fields. The password it generates is never stored anywhere since it is generated using one-way hashing on the fly.

My own utility works a little better for my needs than the guerrillamail version (if anyone would like the python source, I can share it), but that guerrillamail.com tool is still a good option for managing your passwords in a really secure manner. As a bonus, the site can be accessed on your phone if you ever need it, so you don't have to worry about needing access to an offline password store.
« Last Edit: May 08, 2017, 08:03:37 AM by lifeanon269 »

joonifloofeefloo

  • Magnum Stache
  • ******
  • Posts: 4866
  • On a forum break :)
Re: Choosing a password manager--advice needed
« Reply #4 on: May 08, 2017, 08:09:30 AM »
PTF.

FLBiker

  • Handlebar Stache
  • *****
  • Posts: 1280
  • Age: 44
  • Location: Canada
Re: Choosing a password manager--advice needed
« Reply #5 on: May 08, 2017, 08:19:09 AM »
I use LastPass.  An IT guy at work whose judgment I trust recommended it.  I'm not an IT security expert, though.

Daley

  • Magnum Stache
  • ******
  • Posts: 4319
  • Location: Cow country. Moo.
  • Got that mustache feeling.
Re: Choosing a password manager--advice needed
« Reply #6 on: May 08, 2017, 10:56:43 AM »
I am an information security professional, so I'll offer some advice and my opinion. Personally, I don't use any password manager that uses reversible encryption. That's not to say that reversible encryption itself isn't secure, but that many online password safes simply don't secure their systems enough to guarantee your password's safety. Keepass is a good offline password safe, but again, it uses reversible encryption and there are better ways to manage different passwords across multiple websites in my opinion.

I use cryptographic hashing encryption which is one-way encryption to manage my passwords. I only need to remember one master password for all my websites and a unique complex and long password can be generated from that one master password. The idea behind it is to take that one master password that you remember, hash it with a tag or domain name that you are going to use the password for, and then a unique complex password is generated for that website. You can now have an infinite number of unique passwords generated from one master password that can be used to register on all your websites. The unique passwords will always be the same as long as you always use the same master password and tag/domain name. What makes this secure is that the passwords that are generated are never stored anywhere. Even if the algorithm that is used to generate the password is stolen, your passwords are safe. You never have to worry about an encrypted password safe file getting lost or stolen. As long as you can remember that one master password and keep it safe (in your head), your passwords will always be 100% safe.

I created my own utility to generate these complex passwords, but there are also online versions that utilize this same concept. One example of this concept is here:

https://www.guerrillamail.com/tools

Just put in a domain name (for example, amazon.com), then enter your master password and it will then generate a complex password for you to use for your amazon.com account (as an example). The password it generates will always be the same as long as you always enter "amazon.com" and your master password for those fields. The password it generates is never stored anywhere since it is generated using one-way hashing on the fly.

My own utility works a little better for my needs than the guerrillamail version (if anyone would like the python source, I can share it), but that guerrillamail.com tool is still a good option for managing your passwords in a really secure manner. As a bonus, the site can be accessed on your phone if you ever need it, so you don't have to worry about needing access to an offline password store.

Interesting approach, but I'm not sure it's as safe as you're inclined to believe... especially the Guerrilla Mail method. You're basically talking about using tripcodes. In order to get consistent passwords using hash functions, you need either no salt or the same salt - but that is a technical side-trail that misses the two most important issues here. We'll assume you're (hopefully) talking salted, though.

Salts and accounts get compromised, and passwords get exposed off servers. Let's say you do use the [hashedpasswordfromguerrillamailgenerator]@[domain] method to generate passwords. Guerrilla Mail by virtue of function has to use the exact same static salt to their hashing algorithm, even if that salt is known/compromised, to ensure your username gets hashed out to your "official" inbox. It's the same reason for the utter weakness and worthlessness of tripcodes, and why everyone knew how to generate !Ep8pui8Vw2, lifeanon269. *cough* But I digress...

Okay, fine, let's say you do use a one-way hash to create a more complex series of letters and numbers to substitute in for your real password. Using the Guerrilla Mail "generator" for your password still leaves the @[domain] part unhashed. Unless you're typing in [passwordtobehashed+domainforpassword] as your "username" on their form instead of just [passwordtobehashed] to generate your password, the hash number spit out is always going to be !Ep8pui8Vw2.

Let's say you use that method for password generation. So, you have your Amazon password "generated" using this method to !Ep8pui8Vw2@amazon.com, your Ebay password set to !Ep8pui8Vw2@ebay.com, etc. etc., for every last website password you use. Then one of the less secure websites has a security breach and your password gets compromised. Just for giggles, we'll say it's here. !Ep8pui8Vw2@mrmoneymustache.com is now publicly searchable as a known valid password for an account tied to lifeanon269@gmail.com.

Problem One: How is this more secure than using plaintextpassword@amazon.com, plaintextpassword@ebay.com, plaintextpassword@mrmoneymustache.com for your passwords? Yes, the actual password might have been hashed into a non-dictionary word in this setup, but it's always the same hashed password. Having an exposed known username/password of lifeanon269@gmail.com for the username and !Ep8pui8Vw2@mrmoneymustache.com for the password means that anyone with more than two neurons to rub together is going to try using that email address with the first part of that password using the predictable second half of that password on other sites. Since you're using a single "master" password with this method, congratulations! You now need to change the password on EVERY SINGLE ONLINE ACCOUNT YOU HAVE because your "single" one-way "hashed" password has been compromised.

Of course, that's just one problem. There's also the lack of password rules and harmonization across the internet. There's plenty of websites that still place shorter and harder limits on the passwords you can use. Some limit to 20 characters or less. Some still forbid all non-letter/number character usage. Some forbid dictionary words in their password generation.

Problem Two: This method of password generation isn't going to yield a password that will work with each and every website that requires account credentials and passwords, which means your single password method still breaks under some circumstances, and you still wind up needing more than one method of generating and reliably recovering a password for some sites.

Now, back to the side-road mentioned earlier. Even if you did the [passwordtobehashed+domainforpassword] as your "username" on their form instead of just [passwordtobehashed] to generate your password and the other two issues weren't a factor, you're doing so using a known hashing algorithm with a known salt - which makes targeted attacks against users to crack their passwords really easy - maybe not desperately fast as the math still needs to be brute forced by a computer, but still easy to set up. The attacker knows it'll be a universal single password combined with the domain the password is linked to to generate the hash if each hash is found to be unique with every website best case scenario. Worst case, you're just hashing the password which brings us back to problem one. Either way, the actual typed password that you know and use can be exposed, which means that even though you can do a "password reset" by changing the salt to keep the same password and generate a different hash, your core password can be reverse engineered and then known.... leaving you with a password you have to change anyway. This is why everyone knew what moot's tripcode was.

There's a reason why the greater public doesn't use the tripcode method to generate their passwords.
Just because someone knows how to use seven proxies doesn't make them an infosec specialist.
I kid, I kid... but seriously, if this is your job? You have some room for improvement here, and a blindness to an ideological concept that impairs some rational thinking, just like everyone else. Know you're not alone in this weakness, but you did just apply that in a very public way on the subject of personal security and passwords. Use that as an opportunity to grow, mature and learn. Unfortunately, people should take this idea with a grain of salt... pun intended.

Yes, KeePass2 may have its own weaknesses and issues, but I'll take an offline password manager database for managing passwords over using a half-baked, one-way hash generator method that's inspired by using a futaba imageboard to manage my passwords. It's a cute idea, but it's a really bad idea in reality.
« Last Edit: May 08, 2017, 11:36:35 AM by I.P. Daley »

GoingToMaine

  • 5 O'Clock Shadow
  • *
  • Posts: 75
  • Age: 43
  • Location: Virginia (for now)
Re: Choosing a password manager--advice needed
« Reply #7 on: May 08, 2017, 11:20:19 AM »
I'm an Information Security professional too, and I'd recommend either KeePass, Dashlane, or LastPass. 

KeePass is great because it stores everything locally, so you don't have to worry about one of the service providers getting hacked, or some kind of browser-based attack that could intercept the password.  One of the trade offs is that since it is stored locally, you can't (easily) sync the password across multiple devices, so if you're using your work computer instead of your home system, you might be without your password database.  Another issue is that some less technical folks I've interviewed had more trouble with the interface than the commercial products.  But that's a matter of personal preference and how comfortable you are with technology in general.

Dashlane and LastPass are pretty interchangeable in my mind.  They both have nice interfaces and do everything you'd want a password manager to do.  Security-wise they're pretty much identical too.  LastPass is less expensive if you need the features that come with the paid versions.  They've both had breaches, and vulnerabilities pointed out to them by various researchers (*cough* Tavis Ormandy *cough*) but they have both responded reasonably quickly, which is about the best you can hope for.  The breaches to date haven't resulted in a mass exposure of the passwords themselves, so typically the only impact to the user has been to have to get the latest version of the software and change your master password. 

Inherently, storing the passwords "in the cloud" is going to be less secure than having a local database, but there is some usability trade-off here.  For someone that's not protecting government secrets, Dashlane/LastPass are in my opinion an acceptable solution, and infinitely better than the alternative of either trying to remember a bunch of passwords or using the same one (or similar ones) on your various accounts.

I don't like the Guerrilla Mail method.  Like I.P. Daley suggested, the lack of a salted hash (or them using a static salt) makes them weak for the reasons he/she mentioned.  Also, when the website you're using the password on gets compromised and you have to change your password, or if the site forces you to change your password every 90 days or whatever, you're stuck coming up with a way to make your own new password and are back to square one.

Daley

  • Magnum Stache
  • ******
  • Posts: 4319
  • Location: Cow country. Moo.
  • Got that mustache feeling.
Re: Choosing a password manager--advice needed
« Reply #8 on: May 08, 2017, 11:32:31 AM »
I don't like the Guerrilla Mail method.  Like I.P. Daley suggested, the lack of a salted hash (or them using a static salt) makes them weak for the reasons he/she mentioned.  Also, when the website you're using the password on gets compromised and you have to change your password, or if the site forces you to change your password every 90 days or whatever, you're stuck coming up with a way to make your own new password and are back to square one.

*scratches beard* Definitely a dude. ;)

Good catch, by the way. Mandatory password resets muck with that idea, too. I was so focused on how fundamentally flawed it was, I missed an obvious point of failure in the real world because of it.

lifeanon269

  • Bristles
  • ***
  • Posts: 489
Re: Choosing a password manager--advice needed
« Reply #9 on: May 08, 2017, 11:54:50 AM »
Problem One: How is this more secure than using plaintextpassword@amazon.com, plaintextpassword@ebay.com, plaintextpassword@mrmoneymustache.com for your passwords? Yes, the actual password might have been hashed into a non-dictionary word in this setup, but it's always the same hashed password. Having an exposed known username/password of lifeanon269@gmail.com for the username and !Ep8pui8Vw2@mrmoneymustache.com for the password means that anyone with more than two neurons to rub together is going to try using that email address with the first part of that password using the predictable second half of that password on other sites. Since you're using a single "master" password with this method, congratulations! You now need to change the password on EVERY SINGLE ONLINE ACCOUNT YOU HAVE because your "single" one-way "hashed" password has been compromised.

..snipped for the sake of brevity...

There's a reason why the greater public doesn't use the tripcode method to generate their passwords.
Just because someone knows how to use seven proxies doesn't make them an infosec specialist.
I kid, I kid... but seriously, if this is your job? You have some room for improvement here, and a blindness to an ideological concept that impairs some rational thinking, just like everyone else. Know you're not alone in this weakness, but you did just apply that in a very public way on the subject of personal security and passwords. Use that as an opportunity to grow, mature and learn. Unfortunately, people should take this idea with a grain of salt... pun intended.

Let me take a moment to further clarify. You're incorrect/mistaken about the security of it all and how it all works. Let me take a moment to explain a little bit further and in depth on the technical side.

First clarification is this:

domain/tag + master password -> one-way hashing = password

This means that you don't end up with any identifiable information in the resulting password. Because it is a completely irreversible process, there is no way anyone could take the resultant password and reverse it to find out what domain/tag you used or the master password you used.

As far as the guerrillamail.com service, you are confusing their email service with the password tool I am talking about located at (http://www.guerrillamail.com/tools). The password tool leaves behind no domain or any identifiable information in the resulting password that gets generated. I suggest before criticizing me or my expertise on Information Security, you read up a little bit on what is being talked about. Their email service is what generates a throw-away email address such as 7p2292+6xj5x09pp9y40@sharklasers.com, not the password utility that I mentioned earlier.

The only critique that is valid against this method is if a password is forced to be changed at regular intervals or if certain criteria must be met. That is why I wrote my own utility in Python so that I can determine the password complexity level that I would like to see in the resulting output. However, after using this method for quite some time, I've only come across 1 website so far that I use that doesn't accept a password that is at least 18 characters with all character types (Upper, Lower, Number, Special).

As far as security goes however, this method is hands down way more secure than any reversible encryption method. If you'd like to discuss the mathematics behind why that is further, I'd be happy to.
« Last Edit: May 08, 2017, 12:11:12 PM by lifeanon269 »
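The derivation described above (domain/tag + master password -> one-way hashing = password), written out as an added example. This is not code from any poster in this thread and not the pkey utility; the choice of PBKDF2-HMAC-SHA256 as the one-way function, the salt layout (site tag plus a rotation counter), the character set and the complexity policy are all assumptions of this example, and the master passphrase is constructed. It shows how a rotation counter answers the "forced password change" objection and how a per-site policy answers the "site rules" objection, while leaving the scheme's basic property untouched: there is no secret other than the master password, so its strength is exactly the guessing resistance of that one password against a public algorithm.

```python
import hashlib
import hmac
import string

# Added illustration of "master password + site tag -> one-way function -> site password".
# Not the pkey.py utility from this thread; every design choice below is this example's own.
#
#   - PBKDF2-HMAC-SHA256 (a slow, salted password KDF) instead of a bare hash, so each
#     master-password guess an attacker makes from a leaked site password is expensive;
#   - the site tag AND a rotation counter form the salt, so one site's password can be
#     rotated (counter=2, 3, ...) without changing the master password or other sites;
#   - KDF output is mapped onto an explicit alphabet with rejection sampling (no modulo
#     bias) and checked against a per-site policy, since sites differ in allowed characters.

SPECIALS = "!@#$%^&*"


def _char_stream(key: bytes, attempt: int, alphabet: str):
    """Yield alphabet characters derived from `key` via HMAC in counter mode."""
    limit = 256 - (256 % len(alphabet))  # reject bytes >= limit to keep the mapping uniform
    block = 0
    while True:
        msg = attempt.to_bytes(4, "big") + block.to_bytes(4, "big")
        for b in hmac.new(key, msg, hashlib.sha256).digest():
            if b < limit:
                yield alphabet[b % len(alphabet)]
        block += 1


def meets_policy(pw: str, specials: str) -> bool:
    """Require upper, lower, digit and (if the site allows any) one special character."""
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
    if specials:
        classes.append(specials)
    return all(any(c in cls for c in pw) for cls in classes)


def derive_site_password(master: str, domain: str, counter: int = 1,
                         length: int = 18, specials: str = SPECIALS,
                         iterations: int = 200_000) -> str:
    """Deterministic per-site password: same inputs always give the same output."""
    if length < 4:
        raise ValueError("length must allow one character of each required class")
    alphabet = string.ascii_letters + string.digits + specials
    # Site tag and rotation counter are the salt; the master password is the only secret.
    salt = f"{domain.strip().lower()}:{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations, dklen=32)
    # Re-expand deterministically until the candidate satisfies the site's policy.
    for attempt in range(256):
        stream = _char_stream(key, attempt, alphabet)
        candidate = "".join(next(stream) for _ in range(length))
        if meets_policy(candidate, specials):
            return candidate
    raise RuntimeError("could not satisfy policy")  # practically unreachable


if __name__ == "__main__":
    m = "constructed master passphrase, not a real one"
    print(derive_site_password(m, "amazon.com"))                  # stable across runs
    print(derive_site_password(m, "amazon.com", counter=2))       # rotated for that site only
    print(derive_site_password(m, "example.org", specials=""))    # site that forbids specials
```

Two things to note when reading the output: rotating one site changes only that site's password, and the `specials=""` variant is still 18 characters of mixed case and digits. Nothing in the output reveals the domain or the master password directly, but because the salt (domain and counter) and the algorithm are public, a leaked site password is an offline guessing target against the master password; the iteration count slows each guess, and only the master password's length and unpredictability decide whether that matters.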

Daley

  • Magnum Stache
  • ******
  • Posts: 4319
  • Location: Cow country. Moo.
  • Got that mustache feeling.
Re: Choosing a password manager--advice needed
« Reply #10 on: May 08, 2017, 12:19:53 PM »
Let me take a moment to further clarify. You're incorrect/mistaken about the security of it all and how it all works. Let me take a moment to explain a little bit further and in depth on the technical side.

No I am not. Both myself and GoingToMaine understand exactly what you're suggesting, the "tools" linked, and how it works. You are placing far too much weight in the security of hash algorithms without or with a known public salt. Even including the domain with the "password" to generate the hash, you're still using publicly known math. It may be "complex" math given the size of the numbers involved, but it's still basic math with potentially known elements of the password. Anyone who uses the phrase "completely irreversible" seriously in encryption discussions regarding hash generation without using secret, private, unknowable salts is a fool.

This isn't as good an idea as you think it is. If it was, given how "simple" and known a concept as it is (this is a very old idea, by the way), why are you and other "anons" the only people recommending this idea? And nobody, like say, Bruce Schneier or the braintrusts at Google/Microsoft/Apple/NIST/NSA et al?
« Last Edit: May 08, 2017, 12:36:50 PM by I.P. Daley »

lifeanon269

  • Bristles
  • ***
  • Posts: 489
Re: Choosing a password manager--advice needed
« Reply #11 on: May 08, 2017, 01:02:59 PM »
Let me take a moment to further clarify. You're incorrect/mistaken about the security of it all and how it all works. Let me take a moment to explain a little bit further and in depth on the technical side.

No I am not. Both myself and GoingToMaine understand exactly what you're suggesting, the "tools" linked, and how it works. You are placing far too much weight in the security of hash algorithms without or with a known public salt. Even including the domain with the "password" to generate the hash, you're still using publicly known math. It may be "complex" math given the size of the numbers involved, but it's still basic math.

This isn't as good an idea as you think it is. If it was, given how "simple" and known a concept as it is (this is a very old idea, by the way), why are you and other "anons" the only people recommending this idea? And nobody, like say, Bruce Schneier or the braintrusts at Google?

You clearly don't understand. Publicly known math? Every well established encryption algorithm, reversible or irreversible, is publicly known math. That's what makes them strong encryption algorithms. No one in their right mind would use an encryption algorithm that hasn't been vetted by the public for at least a decade.

You clearly misunderstood what was being talked about seeing as how you completely misrepresented what I stated by saying that the resulting output would contain identifiable information in it.

Placing too much trust on hashing algorithms? Are you kidding me? The entire security industry places their trust in hashing algorithms. Bitcoin, and the blockchain it is built on, places its entire trust on hashing algorithms. That's what makes it such a secure currency because of the fact that it is so difficult to generate any specific given hash when given a block and a nonce.

The security of hashing is certainly dependent upon its usage. With Bitcoin, its security is most dependent upon computing power. In the application that I am talking about above, hashing is about as secure as it gets. It is like using an XOR algorithm to encrypt an 8-bit value with an 8-bit key. As long as that 8-bit key is never exposed, it is mathematically impossible to reverse the 8-bit encrypted output.

For further proof, here is a quick hashing password generator that was used to generate the following password:

Q522@48SQ#80!9db70

The code used to generate that password I just put up on github:

https://github.com/clonmac/pkey/blob/master/pkey.py

The domain used to generate that password was mrmoneymustache.com

Now, if anyone can tell me the master password that was used to generate that password and prove it, I will personally give them $10,000. That's high confidence even when using static values for special characters.

You won't find too many security professionals who would be comfortable putting up their reversible encrypted password files that contained all their passwords in it for all the public to view.

You keep throwing around the term "salt", but I don't even think you actually know what that term means or how it applies to security. A salt in almost all applications is typically a known value. A salt when used for password storage must be known (such as in a Linux shadow file) in order for the hash to be verified for authentication purposes. A "salt" in bitcoin hashing (also known as the nonce) must be known so that the hash can be verified.

If a website is compromised and that website neglected security and stored all their passwords in plaintext, I don't need to worry about my master password being stolen. There would be no way for them to determine from the password stolen what algorithms were used to generate that password. Given that fact, that means that it would be impossible, yes IMPOSSIBLE, to reverse it to determine the master password I used to generate it. Furthermore, even if they knew the algorithm (as I showed above), it would be nearly impossible to brute force the master password (with today's technology) given the master password was long enough.

Don't call into question my knowledge on information security if you can't back up your critique with sufficient knowledge yourself.


PS. The password shown above is not my password for this website, nice try. lol
« Last Edit: May 08, 2017, 01:06:39 PM by lifeanon269 »

Daley

  • Magnum Stache
  • ******
  • Posts: 4319
  • Location: Cow country. Moo.
  • Got that mustache feeling.
Re: Choosing a password manager--advice needed
« Reply #12 on: May 08, 2017, 01:47:54 PM »
Don't call into question my knowledge on information security if you can't back up your critique with sufficient knowledge yourself.

Listen, I don't want to fight with you. I do want to emphasize that I believe your method isn't as secure as you think it is. I'm old enough and wise enough to know never to use the word "impossible" when describing anything, especially when it comes to matters of encryption.

If your method helps you sleep at night, more power to you. If it inspires such youthful bravado that you make the claims you do, more power to you. I'm just going on the record as saying this method of password generation isn't as great an idea as it seems on first blush, for multiple reasons. I don't have the desire or inclination to prove my point to you as much as you want to try and prove your point to me, but I highly suspect that given what's on the line, you'll eventually find someone more than happy to take you up on this challenge.

Be well, good anon. May your method actually be as secure as you claim.

lifeanon269

  • Bristles
  • ***
  • Posts: 489
Re: Choosing a password manager--advice needed
« Reply #13 on: May 08, 2017, 02:20:50 PM »
Don't call into question my knowledge on information security if you can't back up your critique with sufficient knowledge yourself.

Listen, I don't want to fight with you. I do want to emphasize that I believe your method isn't as secure as you think it is. I'm old enough and wise enough to know never to use the word "impossible" when describing anything, especially when it comes to matters of encryption.

If your method helps you sleep at night, more power to you. If it inspires such youthful bravado that you make the claims you do, more power to you. I'm just going on the record as saying this method of password generation isn't as great an idea as it seems on first blush, for multiple reasons. I don't have the desire or inclination to prove my point to you as much as you want to try and prove your point to me, but I highly suspect that given what's on the line, you'll eventually find someone more than happy to take you up on this challenge.

Be well, good anon. May your method actually be as secure as you claim.

I wasn't looking for a fight either, but you called my professional work and expertise into question without even fully understanding the concept at hand. That's what bothered me most. Had you instead just openly discussed the topic as opposed to going all ad hominem while exposing your own knowledge gaps, I would've been much more receptive. The fact that you're continually using the term "salt" incorrectly further proves that you don't fully understand this topic at hand.

I would've had no problem if your critique of the concept stuck with the points about usability (such as with password rotations or complexity requirements). Certainly those are hurdles, which is why I use my own tools based on the same concepts to alleviate them. But, when you critiqued the concept based on its security premise alone, that's when I have to correct you.

It is mathematically impossible to specifically determine the original inputs that generated the sha256 hash starting with, for example, "517056bb11218aaf44dc67a8300" because of the fact that there is data loss. A complete sha256 hash is 64 characters in length. So without the full hash, it is literally impossible to specifically determine the original inputs of the equation. This is essentially what is happening with the password generation algorithm I linked to above. So when I say it is impossible, it is absolutely impossible. An attacker may be able to determine some inputs that complete the equation (though highly unlikely given today's computing power), but there would be absolutely no way to verify that against the true original inputs which would make the attack pointless anyway. Since there is no way to verify the original inputs other than me saying "Yes, those are the original inputs", it would be impossible for an attacker to brute force anything even if given the resultant output and the algorithm used.

As for the OP, as I originally stated, Keepass is probably the best offline utility that uses reversible encryption. I don't recommend any online utility that uses reversible encryption unless you care more about usability instead of security.

I merely mentioned the method I stated above as one of the best options from a security perspective since you're not leaving behind a potential trail to be compromised in the form of reversibly encrypted data. Obviously though the most important thing is that you're using different passwords for every website and those passwords are at least 16+ characters in length.  Whatever utility/tools help you achieve that end, more power to you.

Daley

  • Magnum Stache
  • ******
  • Posts: 4319
  • Location: Cow country. Moo.
  • Got that mustache feeling.
Re: Choosing a password manager--advice needed
« Reply #14 on: May 08, 2017, 03:20:16 PM »
I wasn't looking for a fight either, but you called my professional work and expertise into question without even fully understanding the concept at hand. That's what bothered me most. Had you instead just openly discussed the topic as opposed to going all ad hominem while exposing your own knowledge gaps, I would've been much more receptive. The fact that you're continually using the term "salt" incorrectly further proves that you don't fully understand this topic at hand.

Okay, I am genuinely sorry that I offended you. I am also sorry for my part in any communications where we might have talked past each other. Mea culpa.

I do hope that through your own defense, however, that you may begin to understand why others might be concerned with the fundamental concept as applied in real-world use. The idea is basically just the old futaba tripcodes with extra, somewhat predictable steps/inputs for "randomization", which really isn't that random at all. You're just using your own encrypted passphrase to generate a "random" password. This is what I used to call crackhead level security at its best. It might be secure enough to lock out a random thug off the street, but not good enough to protect against targeted attacks... but that's a fundamental weakness of all cryptography. All anyone can hope for is that their preferred tools don't eventually prove to have vulnerabilities or be overcome by raw computing power.

Unfortunately, all things made by man are imperfect and I've lost track of how many crypto hashes that claimed one-way brute-force security for "X number of lifetimes" have so ridiculously fallen apart within my own livable memory, either through weaknesses to the core algorithm or being wholly overtaken by technology advancements and cheats like rainbow tables to the point of uselessness.

Better to have a random password generated for each site than to have all passwords generated off of a "one way" crypto hashed phrase.

That said, best tool for whomever provides the best tool for them.

Best of luck to you in your career.
« Last Edit: May 08, 2017, 03:22:44 PM by I.P. Daley »

AshStash

  • 5 O'Clock Shadow
  • *
  • Posts: 53
Re: Choosing a password manager--advice needed
« Reply #15 on: May 08, 2017, 04:03:52 PM »
I recommend a password manager to everyone. It's so much easier to remember a master password and not have to worry about any other passwords. It saves more time than I ever would have expected--I don't think I realized how often I was making multiple password attempts on sites, requesting new passwords, etc. 1Password is my favorite choice in the Apple ecosystem and you can choose between online or offline storage.

lifeanon269

  • Bristles
  • ***
  • Posts: 489
Re: Choosing a password manager--advice needed
« Reply #16 on: May 08, 2017, 05:37:09 PM »
I do hope that through your own defense, however, that you may begin to understand why others might be concerned with the fundamental concept as applied in real-world use. The idea is basically just the old futaba tripcodes with extra, somewhat predictable steps/inputs for "randomization", which really isn't that random at all.

It has nothing in common with tripcodes aside from using hashing algorithms. By that definition, anything that uses hashing algorithms is basically the same idea. The technological breakthrough of the blockchain, by that definition, is the same idea. I assure you that is not the case.

You're just using your own encrypted passphrase to generate a "random" password. This is what I used to call crackhead level security at its best. It might be secure enough to lock out a random thug off the street, but not good enough to protect against targeted attacks... but that's a fundamental weakness of all cryptography. All anyone can hope for is that their preferred tools don't eventually prove to have vulnerabilities or be overcome by raw computing power.

This statement doesn't even make sense as it pertains to this application and grossly misunderstands cryptography and its uses/benefits/limitations. This is at the heart of our disagreement. You're applying the concept of password hashing with regards to authentication and the potential risks and vulnerabilities that hashing algorithms in this application have. Salting, in this application, can prevent pre-computation attacks such as rainbow tables from being able to crack stored hashes in a password database. Password cracking, in regards to what you're talking about, has nothing to do with how hashing is being used in this application.

Let me further prove my point this way:

Take these two passwords:

Q522@48SQ#80!9db70
2638@UU96#2f!97d9c

Both passwords were generated using a similar technique, but one password was generated using the sha1 algorithm and the other was generated using the sha256 algorithm. If all you're looking at is those two passwords, you'd have no idea which algorithm was used to generate which password. In order to ever even be able to attempt to determine the inputs that generated those passwords, you'd need to know that. If a website is compromised revealing either of these passwords, an attacker would have no idea how these passwords were generated and ultimately it would look like they were simply randomly generated since they don't fit typical hash algorithm outputs. This is at the heart of what you're misunderstanding and by misunderstanding this, you're potentially confusing others from understanding these security concepts. So from a password security standpoint (which is what this whole thread is about), this method offers the same level of security in regards to password strength compared to any other method of password creation. However, the benefit to this method, as I already mentioned, is that this password can be used and generated countless times without leaving behind any possible reversible footprint as is the case with any password safe that you use. One look at the number of breaches with password safes (both online and offline) shows how vulnerable they are.

In the event that the algorithm is known, as is the case above in my wager, it comes down to computational mathematics. In that case, since more than half of the hash is unknown, that means it is impossible to truly know the original inputs, even if the sha256 algorithm is broken. Because you have no way of actually validating whether you've successfully "cracked" the original inputs or not, you'd have absolutely no way of determining what the master password truly is. Cracking, in the sense that you're describing, is only possible when you know the full hash and you're looking for a specific value that validates that output. This is why, in this application, it doesn't matter how "secure" these algorithms are from a computational standpoint. You can say the following quote below all you want, it doesn't matter in the application that this is being used for in this sense. All that matters is the pseudo-randomness of the hashing algorithm. And before you say "Ya, but...pseudo", that doesn't matter either.

Unfortunately, all things made by man are imperfect and I've lost track of how many crypto hashes that claimed one-way brute-force security for "X number of lifetimes" have so ridiculously fallen apart within my own livable memory, either through weaknesses to the core algorithm or being wholly overtaken by technology advancements and cheats like rainbow tables to the point of uselessness.

I absolutely agree that all code is vulnerable and imperfect. But, if you don't understand the math behind how things work and where those vulnerabilities may exist in systems, then you shouldn't be making claims as you have. Hashing algorithms have many uses. For example, Google Security researchers recently demonstrated the ability to create sha1 hash collisions. This effectively kills the sha1 algorithm for use with validation/verification purposes where authenticity is important. That doesn't stop the sha1 algorithm from being useful for pseudorandomness purposes as is the case here. Such as that, even the MD5 algorithm can be useful in these applications even though that algorithm is no longer computationally secure.

Better to have a random password generated for each site than to have all passwords generated off of a "one way" crypto hashed phrase.

This also demonstrates your lack of understanding with the topic at hand. What makes you think any algorithm used to generate a "random" password is any more computationally better at pseudo-randomness than any hashing algorithm is, especially if that random generation doesn't incorporate a hardware-based entropy generator to base its calculation on?

Best of luck to you in your career.

Thank you and you to yours.

doneby35

  • Bristles
  • ***
  • Posts: 319
Re: Choosing a password manager--advice needed
« Reply #17 on: May 08, 2017, 06:18:15 PM »
The technical info on here is impressive, but unless the person who asked is an IT Professional and understands cryptography then the answer to the question is:
Lastpass should do.

SharkStomper

  • 5 O'Clock Shadow
  • *
  • Posts: 79
  • Age: 52
  • Location: Great State of Tennessee
Re: Choosing a password manager--advice needed
« Reply #18 on: May 08, 2017, 06:27:30 PM »
The technical info on here is impressive, but unless the person who asked is an IT Professional and understands cryptography then the answer to the question is:
Lastpass should do.

Likely true.  Personally I use a password protected excel file stored locally on my computer with regular backups.  Not as elegant as most here, but I feel secure that my passwords are safe.

Also, I have taken up the $10K challenge that has been issued and hope to have an answer by tomorrow.  I'll report my findings either way.

Spork

  • Walrus Stache
  • *******
  • Posts: 5747
    • Spork In The Eye
Re: Choosing a password manager--advice needed
« Reply #19 on: May 08, 2017, 06:54:28 PM »
For what it's worth... everybody and their dog are Internet security professionals.  I am... or was... before FIRE.

I, too, use a homespun concoction (which is not overly helpful to the OP) but it's mostly just scripts that duct tape built in linux file encryption, password generation and create unique email addressing per site.  IMO, the real nuts and bolts of encryption should be left to encryption specialists.

For the OP, my blind recommendation is Password Safe (pwsafe.org).  I say blind because I have never used it, but just have lots of respect for its author as an encryption specialist (Bruce Schneier).

My other general recommendations are:
* use a different userid and email address for every single account you generate.  Yes, this seems like a pain in the ass, but it's not so awful.  If you have your own domain, it's simple.  If not, there are multiple sites out there that will support this.  I've used sneakemail.com for years and would recommend them.  If one account gets compromised or spammed or sold, you just delete that email address forever.  POOF... gone.
* when it comes to password reset questions: Lie.  Lie big.  When it asks for "mother's maiden name" answer "wart on a rhinoceros".  ...and then put that data in your password manager as well.  Don't use stuff that is readily available on facebook, ancestry.com, google, etc.  Those things are awful for password resets.

lifeanon269

  • Bristles
  • ***
  • Posts: 489
Re: Choosing a password manager--advice needed
« Reply #20 on: May 08, 2017, 07:20:42 PM »
Also, I have taken up the $10K challenge that has been issued and hope to have an answer by tomorrow.  I'll report my findings either way.

Do post your method if you are successful in breaking sha256. That would be frontpage news worthy. Such a breakthrough would be absolutely critical to the security of every organization. It will certainly happen some day. If quantum computing ever comes along, all of our algorithms will need to be completely rewritten. However, that doesn't change the success rate of my wager one bit. It is like trying to solve the following equation for 'x':

y + 12 = x

The "+ 12" is the algorithm used in the equation, but knowing that doesn't help you solve for x when there are an infinite number of possibilities for 'y'. When my "master password" is y and has an infinite number of possibilities that would equate to a possible x value, then solving for 'x' or 'y' isn't possible without a whole lot of guesswork which in turn would require validation from me that you're right.   ;)

Hopefully that math sums up some of the discussion above easier for everyone to understand.

For what it's worth... everybody and their dog are Internet security professionals.  I am... or was... before FIRE.

I wish that were true. Otherwise we wouldn't be facing a shortfall of over 1 million qualified security professionals in the industry.

My other general recommendations are:
* use a different userid and email address for every single account you generate.  Yes, this seems like a pain in the ass, but it's not so awful.  If you have your own domain, it's simple.  If not, there are multiple sites out there that will support this.  I've used sneakemail.com for years and would recommend them.  If one account gets compromised or spammed or sold, you just delete that email address forever.  POOF... gone.
* when it comes to password reset questions: Lie.  Lie big.  When it asks for "mother's maiden name" answer "wart on a rhinoceros".  ...and then put that data in your password manager as well.  Don't use stuff that is readily available on facebook, ancestry.com, google, etc.  Those things are awful for password resets.

These are good recommendations and are worth emphasizing. Having secure passwords hardly makes a difference if your security questions can be easily answered. Like Spork said, no one ever said the answers to your questions need to be true. Likewise with the user id being different with all your accounts. It is also good to enable two-factor authentication on any account possible.
« Last Edit: May 08, 2017, 07:55:44 PM by lifeanon269 »

MarciaB

  • Pencil Stache
  • ****
  • Posts: 503
  • Age: 60
  • Location: Oregon
Re: Choosing a password manager--advice needed
« Reply #21 on: May 08, 2017, 08:37:03 PM »
I use Lastpass and it's saved me tons of time not being frustrated by trying to remember a password (or searching for that little scrap of paper where I listed it).

But I'm uneasy with the idea that my passwords are on their site, because who knows if it might get hacked. And because I don't understand any of the cybersecurity stuff on the above posts [covers ears and says la-la-la-la] I added my own little bit of "security" to the deal.

So here's what I did. I chose a theme (for example's sake let's say I chose trees as my theme). I then abbreviated the passwords I put into Lastpass so that they wouldn't make sense to a thief, but do remind me of what the actual password is.

So - I create a password on a site for a credit card and it's "Pine123%" but in Lastpass I put "P123%" in the password field. "Elm99#" on the bank account becomes "E99#"...etc. I know my theme is trees, so the "P" or the "E" isn't a mystery to me...but would be to someone else.

Rocket

  • 5 O'Clock Shadow
  • *
  • Posts: 99
  • Location: Los Angeles
Re: Choosing a password manager--advice needed
« Reply #22 on: May 08, 2017, 09:50:20 PM »
I use lastpass on my Mac mini, chromebook and iphone.  I'm not a security expert so I can't talk to the pros/cons of various services.  For me it's safer because it makes it easier for me to keep track of my passwords/security questions, create stronger passwords and makes it easier to change my passwords more often.

SharkStomper

  • 5 O'Clock Shadow
  • *
  • Posts: 79
  • Age: 52
  • Location: Great State of Tennessee
Re: Choosing a password manager--advice needed
« Reply #23 on: May 09, 2017, 12:36:10 AM »
Also, I have taken up the $10K challenge that has been issued and hope to have an answer by tomorrow.  I'll report my findings either way.

Do post your method if you are successful in breaking sha256. That would be frontpage news worthy. Such a breakthrough would be absolutely critical to the security of every organization. It will certainly happen some day. If quantum computing ever comes along, all of our algorithms will need to be completely rewritten. However, that doesn't change the success rate of my wager one bit. It is like trying to solve the following equation for 'x':

y + 12 = x

The "+ 12" is the algorithm used in the equation, but knowing that doesn't help you solve for x when there are an infinite number of possibilities for 'y'. When my "master password" is y and has an infinite number of possibilities that would equate to a possible x value, then solving for 'x' or 'y' isn't possible without a whole lot of guesswork which in turn would require validation from me that you're right.   ;)

Hopefully that math sums up some of the discussion above easier for everyone to understand.

Haha I'm not trying to break sha256, I'm just running an old fashioned dictionary attack.  It looks like your $10K is safe from me.  I ran it against a list with 64 million words and didn't get any hits.  And I knew what the chances were, but I like to play around with Python so it was a fun puzzle.
« Last Edit: May 09, 2017, 12:46:37 AM by SharkStomper »

Spork

  • Walrus Stache
  • *******
  • Posts: 5747
    • Spork In The Eye
Re: Choosing a password manager--advice needed
« Reply #24 on: May 09, 2017, 06:13:00 AM »

For what it's worth... everybody and their dog are Internet security professionals.  I am... or was... before FIRE.

I wish that were true. Otherwise we wouldn't be facing a shortfall of over 1 million qualified security professionals in the industry.


That was tongue in cheek.  Don't take me so literally.

wanderin1

  • 5 O'Clock Shadow
  • *
  • Posts: 61
Re: Choosing a password manager--advice needed
« Reply #25 on: May 09, 2017, 07:36:16 AM »
OP here--wow, never a dull moment on the MMM boards!

Thanks for the product recommendations, tech discussion and general security tips. So far, of the commercial products, Lastpass has received the most votes, followed by KeePass. Anyone else want to chime in?

lifeanon269

  • Bristles
  • ***
  • Posts: 489
Re: Choosing a password manager--advice needed
« Reply #26 on: May 09, 2017, 07:42:53 AM »

For what it's worth... everybody and their dog are Internet security professionals.  I am... or was... before FIRE.

I wish that were true. Otherwise we wouldn't be facing a shortfall of over 1 million qualified security professionals in the industry.


That was tongue in cheek.  Don't take me so literally.

I know. No worries, haha.    ;)

valsecito

  • 5 O'Clock Shadow
  • *
  • Posts: 70
Re: Choosing a password manager--advice needed
« Reply #27 on: May 09, 2017, 10:19:25 AM »
http://keepass.info , NOT lastpass. Local storage only beats whatever remote solutions hands down in terms of security.

Nothlit

  • Bristles
  • ***
  • Posts: 403
Re: Choosing a password manager--advice needed
« Reply #28 on: May 09, 2017, 12:29:09 PM »
I use Lastpass and it's saved me tons of time not being frustrated by trying to remember a password (or searching for that little scrap of paper where I listed it).

But I'm uneasy with the idea that my passwords are on their site, because who knows if it might get hacked.

http://keepass.info , NOT lastpass. Local storage only beats whatever remote solutions hands down in terms of security.

LastPass does not store your passwords on their site. Your passwords are stored in an encrypted blob of data that is only ever decrypted locally on your computer when you type your master password. Yes, that encrypted blob is stored on LastPass's servers, but a hacker who gains access to LastPass's site/servers would not be able to decrypt your encrypted blob unless they can also guess your master password, which is why it's important to choose a strong master password.

Spork

  • Walrus Stache
  • *******
  • Posts: 5747
    • Spork In The Eye
Re: Choosing a password manager--advice needed
« Reply #29 on: May 09, 2017, 01:15:34 PM »
My own utility works a little better for my needs than the guerrillamail version (if anyone would like the python source, I can share it), but that guerrillamail.com tool is still a good option for managing your passwords in a really secure manner. As a bonus, the site can be accessed on your phone if you ever need it, so you don't have to worry about needing access to an offline password store.

I hesitate to criticize your script because it seems like you are not fond of criticism.  But I was looking at the code and... I can't in good conscience tell people this is a good idea.  Caveat: I'm not a python programmer... I'm more of a perl guy. 

You're very confident about everyone's inability to reverse engineer your passwords to your master password.  I generally leave encryption math to the encryption specialists, so ... you may be correct.  I'm skeptical, but you may be correct nonetheless.  The problem though is that you're generating terribly non-random passwords.  Sure, if you're the only one that knows you are using your tool, you are very probably safe.  But if you share it and it catches on... that's a problem.

Your script seems to generate passwords to solve the rules of "must contain a special, a numeric, a letter, an upper"... but the real point of those rules is to make the password key space large.  You effectively only have 22 characters in the passwords you generate.  (Technically there are 24, but the '!' and the '@' are at fixed locations.  If someone suspects your methodology, those might as well not exist.)  Otherwise, you are only using 0123456789abcdefPQRST (weighted 2x more towards the numeric than the upper/lower).   That's less than just "all lowercase".

I see other practical problems of the one-way hash in general that wouldn't work for me... but might still work for others.

lifeanon269

  • Bristles
  • ***
  • Posts: 489
Re: Choosing a password manager--advice needed
« Reply #30 on: May 09, 2017, 01:57:28 PM »
I hesitate to criticize your script because it seems like you are not fond of criticism.  But I was looking at the code and... I can't in good conscience tell people this is a good idea.  Caveat: I'm not a python programmer... I'm more of a perl guy. 

You're very confident about everyone's inability to reverse engineer your passwords to your master password.  I generally leave encryption math to the encryption specialists, so ... you may be correct.  I'm skeptical, but you may be correct nonetheless.  The problem though is that you're generating terribly non-random passwords.  Sure, if you're the only one that knows you are using your tool, you are very probably safe.  But if you share it and it catches on... that's a problem.

Your script seems to generate passwords to solve the rules of "must contain a special, a numeric, a letter, an upper"... but the real point of those rules is to make the password key space large.  You effectively only have 22 characters in the passwords you generate.  (Technically there are 24, but the '!' and the '@' are at fixed locations.  If someone suspects your methodology, those might as well not exist.)  Otherwise, you are only using 0123456789abcdefPQRST (weighted 2x more towards the numeric than the upper/lower).   That's less than just "all lowercase".

I see other practical problems of the one-way hash in general that wouldn't work for me... but might still work for others.

I'm totally OK with criticism as long as it is good constructive criticism.

Your critique of that script is absolutely valid. The script I uploaded is not the script that I actually use for my passwords. I created the script for the sole purpose of this thread for demonstration of the concept (you'll see the original commit time on github was just yesterday after this thread started). I didn't take the time to include true randomization of special characters and rotation of hash characters to include the full range of the alphabet since hash values are hexadecimal.

That script also only generates passwords that are 17 or 18 characters, the script I use creates passwords that are 20 characters in length.

That being said, in reality, length always beats complexity when it comes to password strength. A password of aaaaaaaaaaaaaaaaaaaa is actually a stronger password than !Aj3kl3@

So regardless of the character set you use in your password, creating a longer password is always best. That's because for every additional character you include, the number of permutations for all possible passwords increases exponentially.  Even if your character set is only 22 characters, the number of potential permutations is roughly 1.165729954414365e+59 for a 20 character password. Whereas a password that is only 8 characters in length that includes uppercase, lowercase, numbers, and special characters has roughly only 722,204,136,308,736 permutations.

Length > Complexity

So yes, nobody actually should use the script that I posted to github. That is something I probably should've mentioned.


EDIT: Also, I just wanted to mention, for clarity's sake, that the security of the passwords that the script generates is completely separate from the security that protects my master password. The security of the passwords that the script outputs protects the security of your account on the website that you use it on. What I mentioned above about permutations is in regards to that.

The security of my master password is completely dependent on the inputs that I used to generate the output (the resultant password). Those inputs I can freely choose myself and include not only my master password, but also the domain that is inputted. This means that the number of permutations that are possible when being hashed with sha256 are equivalent to a password that contains lowercase, uppercase, specials, numbers and is over 40 characters in length. The number of possible permutations is over 1.414595765388568e+76. That's the equivalent to a password that would take a computer over 143 VIGINTILLION YEARS to crack. I think my $10,000 is safe for the time being.
« Last Edit: May 09, 2017, 02:09:26 PM by lifeanon269 »

StetsTerhune

  • Bristles
  • ***
  • Posts: 454
Re: Choosing a password manager--advice needed
« Reply #31 on: May 09, 2017, 02:16:36 PM »
Well this was a lot more fun of a thread then I thought it would be when I clicked on it...

I don't have the time or the specific expertise to have any idea who is technically "correct" about whether lifeanon's program or method is as perfectly secure as he thinks it is, but I have to think that in real terms it is hugely, hugely more secure against the actual threats any of us should be worried about than any commercial password manager could possibly be.

Here's two scenarios, tell me which sounds more plausible to you:
1. some cybercriminals put a huge amount of effort into finding and exploiting a flaw in a commercial password manager (which I'm sure are using very secure math and algorithms, but are still not perfect as with all things programmed by man). Succeed, steal all or a subset of all the password information and go about using them to steal money or blackmail its users en masse or whatever
2. someone, having gotten a couple of passwords from lifeanon's various accounts (from hacking specific sites he uses) then looks at lifeanon's password and thinks to themself "I'll bet this is generated by a custom piece of code to create passwords from a combination of a master password and the site name, I should put some programming time into trying to reverse engineer that process and then see if I can use the generated master password to randomly look into other websites and see if he uses them and steal money or blackmail him."

Those are both pretty low probability events, of course, but #1 seems a hell of a lot more plausible to me. The answer would be very different if we were talking about building a system for something that's a "target" for thieves. But for some random guy named lifeanon who no cybercriminal has any reason to focus on... the threats that IP Daley is talking about are extraordinarily unrealistic.

edit to add: my scenario 2 is made a hell of a lot more plausible by the existence of this thread... pride cometh before the fall, lifeanon269.
« Last Edit: May 09, 2017, 02:24:40 PM by StetsTerhune »

lifeanon269

  • Bristles
  • ***
  • Posts: 489
Re: Choosing a password manager--advice needed
« Reply #32 on: May 09, 2017, 02:28:31 PM »
edit to add: my scenario 2 is made a hell of a lot more plausible by the existence of this thread... pride cometh before the fall, lifeanon269.

Haha, dang it!! lol

All good points though.

retiringearly

  • Bristles
  • ***
  • Posts: 343
Re: Choosing a password manager--advice needed
« Reply #33 on: May 09, 2017, 02:30:13 PM »
I have used RoboForm for several years.  I just started using Sticky Password recently, they had a lifetime subscription deal that I found on SlickDeals and went with it.

Spork

  • Walrus Stache
  • *******
  • Posts: 5747
    • Spork In The Eye
Re: Choosing a password manager--advice needed
« Reply #34 on: May 09, 2017, 02:37:01 PM »

That being said, in reality, length always beats complexity when it comes to password strength. A password of aaaaaaaaaaaaaaaaaaaa is actually a stronger password than !Aj3kl3@
 <misc deleted>

Length > Complexity

That all depends on the cracking mechanism.  If I know your password generation mechanism, the brute force mechanism would be tuned to it.   If someone were to publish a hash-based algorithm with predictable outputs, the search would be quicker.

Either way, there are too many side practical aspects of this mechanism that: It's not for me.

valsecito

  • 5 O'Clock Shadow
  • *
  • Posts: 70
Re: Choosing a password manager--advice needed
« Reply #35 on: May 09, 2017, 03:09:45 PM »
I use Lastpass and it's saved me tons of time not being frustrated by trying to remember a password (or searching for that little scrap of paper where I listed it).

But I'm uneasy with the idea that my passwords are on their site, because who knows if it might get hacked.

http://keepass.info , NOT lastpass. Local storage only beats whatever remote solutions hands down in terms of security.

LastPass does not store your passwords on their site. Your passwords are stored in an encrypted blob of data that is only ever decrypted locally on your computer when you type your master password. Yes, that encrypted blob is stored on LastPass's servers, but a hacker who gains access to LastPass's site/servers would not be able to decrypt your encrypted blob unless they can also guess your master password, which is why it's important to choose a strong master password.

http://www.zdnet.com/article/lastpass-hit-by-password-stealing-and-code-execution-vulnerabilities/
https://www.grepular.com/LastPass_Vulnerability_Exposes_Account_Details
http://www.pcworld.com/article/3185731/security/lastpass-is-scrambling-to-fix-another-serious-vulnerability.html
etcetera

The bar is higher for web/browser based applications, and LastPass doesn't pass it. The most important LastPass attack vector just doesn't apply to Keepass at all.

lifeanon269

  • Bristles
  • ***
  • Posts: 489
Re: Choosing a password manager--advice needed
« Reply #36 on: May 09, 2017, 06:28:04 PM »

That being said, in reality, length always beats complexity when it comes to password strength. A password of aaaaaaaaaaaaaaaaaaaa is actually a stronger password than !Aj3kl3@
 <misc deleted>

Length > Complexity

That all depends on the cracking mechanism.  If I know your password generation mechanism, the brute force mechanism would be tuned to it.   If someone were to publish a hashed based algorithm with predictable outputs, the search would be quicker. 

Either way, there are too many side practical aspects of this mechanism that: It's not for me.

I'm sorry, I have to correct you because if anyone takes anything away from this thread, it is exactly what you quoted me as saying. For emphasis:

Length > Complexity   ...always

No matter what. It doesn't matter that the "cracking" mechanism the attacker is using, whatever that means. Even if someone knows the exact character set being used for a given hash found in a password database (throwing out all reasoning why that isn't realistic), length is still better than complexity. This is such an important concept because even within the InfoSec industry, this has been an extremely slow concept for even the professionals to come around to. Auditors are finally beginning to realize this but many of the regulations still state otherwise. We've beaten into people's heads how to create "strong" passwords in ways that are actually counter to making a strong password in reality. Users are taught to create complex, hard to remember, short passwords that expire often which only trains us to forget and write them down. Then, when they expire, because they are complex, the user simply changes the password by one character just to update it. In reality, users should be allowed to create long passwords (18+ characters) without being forced into complexity requirements or routine password changes. This cartoon graphic sums it up well:

Take for example an 18 character password where for any given character the max character set used is a measly 10 and 3 of the characters are static. This is essentially equivalent to a 15 character password that contains only numbers. Mathematically, that's:

1*1*1*10*10*10*10*10*10*10*10*10*10*10*10*10*10*10 = 1×10¹⁵ possible permutations

Compare that to a short 8 character password that contains a full character set of uppercase, lowercase, numeric, and special characters (72 possible characters):

72*72*72*72*72*72*72*72 = 7.222041363×10¹⁴ possible permutations

That's almost double the number of possible password permutations even given the limited character space used for the first password.

However, this all ignores one giant fact. The attacker, when given a hash to crack, will have no idea what the character space is that was used to generate the hash. So they must assume that a full character set was used or simply attempt to crack the "low hanging fruit" and go after those users that used the bare minimum. Generally an attacker will know what the website's password policy was. So typically they'll try and crack all the easier passwords of all the users who simply met the bare minimum requirements.

As StetsTerhune said, even given all the computational aspects of cryptography that have been discussed, sometimes the biggest determining factor for risk is the probability of something occurring. If all the downsides that have been discussed have extremely low probabilities of occurring, then you've greatly reduced your risk given the fact that you'd still be using passwords that are very strong across all your websites. This is why I recommended the hashing method since you're not storing your passwords anywhere that is highly targeted among attackers. As long as the passwords you're generating are 18+ characters, you're computationally secure while also keeping your footprint minimal from a risk standpoint. I agree with you Spork that the hashing method I recommended is not for everyone for some practical reasons. But from what I've seen, most websites will readily accept longer passwords now and rarely do they ever enforce password resets. Furthermore, there are always simple ways around that; for example, when inputting the domain name, simply input the domain name and the year or month (amazon.com2017 or amazon.comMay). That way you can simply reset your passwords accordingly for your websites without needing to remember any additional information. The passwords that are then generated will always be completely different each time without ever having to change the algorithm that was used to generate them.

First and foremost, however, my recommendation for anyone here looking to use a password safe is, even before you start using a password safe of any kind, if you're using passwords that are 12 characters or less, your first step toward better security is to upgrade those passwords to something that is 18 characters or more. There is no point in documenting all your insecure passwords into one centralized vault when all your accounts are low hanging fruit for any attacker. It has often been stated that if your password is 12 characters or less, given the extent of all the password breaches across the whole internet, then someone knows what that password is.

It wouldn't be a bad idea for anyone here to check yourself out on the website https://haveibeenpwned.com/. You can put in your information to determine if any of the websites you've used in the past have exposed any of your information.

I hope some people find this helpful. I truly don't mean to come off as aggressive sounding toward anyone and I hope that isn't the case. I am merely trying to hammer a concept home to people as this is something I've been battling within my career for quite some time. It seems like the industry is finally starting to come around to improving password policies, but some regulations are still lagging behind.
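The keyspace arithmetic in the post above (10^15 for the 18-character password with three static characters, 72^8 for the 8-character full-charset password) can be written as a small calculator. The following is an added example, not code from the thread or from any poster; it generalizes the two hand-computed cases to any per-position alphabet, converts the result to bits of entropy, and also shows the flip side raised later in the thread: when an attacker knows the generation pattern, the effective keyspace shrinks to the pattern's keyspace, not the naive (character set)^length figure. The guess rate and the 2048-word passphrase list size are constructed assumptions, not values from the thread.

```python
import math
from typing import Sequence

# Constructed assumptions for the crack-time estimate; the thread states no guess rate.
GUESSES_PER_SECOND = 1e10          # an offline attack against a fast, unsalted hash
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_sizes: Sequence[int]) -> int:
    """Number of candidate passwords given the alphabet size at each position.

    A position the attacker already knows (a static character) is an alphabet
    of size 1, exactly as the 1*1*1*10*...*10 product in the post treats it.
    """
    total = 1
    for size in alphabet_sizes:
        if size < 1:
            raise ValueError("alphabet size must be at least 1")
        total *= size
    return total


def entropy_bits(space: int) -> float:
    """Keyspace expressed as bits: how many yes/no guesses it is worth."""
    return math.log2(space)


def expected_crack_years(space: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected time to hit the right guess: on average half the keyspace is searched."""
    return (space / 2) / rate / SECONDS_PER_YEAR


def effective_bits_if_pattern_known(naive_sizes: Sequence[int],
                                    pattern_sizes: Sequence[int]) -> float:
    """Bits an attacker saves once the generation pattern is known.

    naive_sizes   - what the attacker must assume without knowledge of the pattern
    pattern_sizes - the real alphabet at each position under the known pattern
    """
    return entropy_bits(keyspace(naive_sizes)) - entropy_bits(keyspace(pattern_sizes))


# --- The two passwords from the post -------------------------------------------
# 18 characters: 3 static, the remaining 15 drawn from 10 possible characters.
LONG_LIMITED = [1] * 3 + [10] * 15
# 8 characters, each from a 72-character set (upper, lower, digits, specials).
SHORT_FULL = [72] * 8
# The same 18-character password as an attacker who knows nothing about the
# pattern must model it: 72 possibilities at every position.
LONG_NAIVE = [72] * 18

# --- Spork's point: predictability shortens the password -----------------------
# A four-word passphrase drawn from a 2048-word list (constructed list size) is
# 25 lowercase letters long but only 4 * 11 = 44 bits if the list is known.
FOUR_WORD_PASSPHRASE = [2048] * 4
TWENTY_FIVE_LOWERCASE_NAIVE = [26] * 25


def report(label: str, sizes: Sequence[int]) -> str:
    space = keyspace(sizes)
    return (f"{label:32s} keyspace={space:.3e}  bits={entropy_bits(space):6.1f}  "
            f"expected crack time={expected_crack_years(space):.3g} years")


if __name__ == "__main__":
    print(report("18 chars, 3 static, 10-char set", LONG_LIMITED))
    print(report("8 chars, 72-char set", SHORT_FULL))
    print(report("18 chars as attacker must assume", LONG_NAIVE))
    print(report("4 words from 2048-word list", FOUR_WORD_PASSPHRASE))
    print(report("25 lowercase, pattern unknown", TWENTY_FIVE_LOWERCASE_NAIVE))
    print(f"bits lost once the 18-char pattern is known: "
          f"{effective_bits_if_pattern_known(LONG_NAIVE, LONG_LIMITED):.1f}")
    print(f"bits lost once the wordlist is known: "
          f"{effective_bits_if_pattern_known(TWENTY_FIVE_LOWERCASE_NAIVE, FOUR_WORD_PASSPHRASE):.1f}")
```

Both posters' claims fall out of the same function: with the pattern unknown the 18-character password is worth about 111 bits and the 8-character one about 49 bits, so length wins by a wide margin; with the pattern known the 18-character password collapses to about 50 bits, which is why a widely adopted, predictable generation scheme is the risk worth modelling.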

Spork

  • Walrus Stache
  • *******
  • Posts: 5747
    • Spork In The Eye
Re: Choosing a password manager--advice needed
« Reply #37 on: May 09, 2017, 07:20:32 PM »
FWIW: I understand simple math of (character set)^length

And, yes, everyone in the world has seen that xkcd cartoon.

What I mean is: more common passwords will be applied first.  If a pattern/mechanism has been observed as common, they will be applied first.  That's why (even long) dictionary words (even words with p3rmuTat10n5) crack more easily.  And "p3rmuTat10n5" is likely to crack before "!Aj3kl3@"... because that is how the rules are written.  Dictionary first, then brute force.  It's not exactly as simple as "length beats complexity".

Brute force is not quite as brute force as (character set)^length implies.  Common methods will fall first.




GoingToMaine

  • 5 O'Clock Shadow
  • *
  • Posts: 75
  • Age: 43
  • Location: Virginia (for now)
Re: Choosing a password manager--advice needed
« Reply #38 on: May 09, 2017, 08:47:01 PM »
First and foremost, however, my recommendation for anyone here looking to use a password safe is, even before you start using a password safe of any kind, if you're using passwords that are 12 characters or less, your first step toward better security is to upgrade those passwords to something that is 18 characters or more. There is no point in documenting all your insecure passwords into one centralized vault when all your accounts are low hanging fruit for any attacker.
Yes, you should lengthen your passwords.  Absolutely.  But I do think you can benefit from getting them into a password manager first for one reason - LastPass and some of the other tools have features that can help you with the process of choosing stronger passwords and starting using them. 

One is a feature that essentially audits and scores your passwords, helping you immediately identify the weakest ones to target and change.  The algorithm they use for this scoring seems to put a lot of weight on length, making sure it's not obvious (like if your Amazon password was AmazonPassword), and making sure you're not reusing the password anywhere else.  The second feature is that they usually include a random password generator that will spit out a better password than whatever 99% of the population will dream up on their own.  Finally, for a lot of sites, they have an automatic change feature.  So you can click a button and it will pick a new random strong password for you AND go to the website and setup that new password.  Easy peasy, though admittedly a little scary the first time you try it.

So yeah, "change them right this minute to something super awesome" is the most secure response, but it might be more practical for some folks, especially those who might not really know what a super awesome password really looks like, to document what they have first and let the tools assist with that process.

lifeanon269

  • Bristles
  • ***
  • Posts: 489
Re: Choosing a password manager--advice needed
« Reply #39 on: May 10, 2017, 06:33:27 AM »
What I mean is: more common passwords will be applied first.  If a pattern/mechanism has been observed as common, they will be applied first.  That's why (even long) dictionary words (even words with p3rmuTat10n5) crack more easily.  And "p3rmuTat10n5" is likely to crack before "!Aj3kl3@"... because that is how the rules are written.  Dictionary first, then brute force.  It's not exactly as simple as "length beats complexity".

First off, there aren't too many (common) dictionary words that any user might use for a password that would be 18+ characters (which is the length I was advocating). Any password that is less than 16 characters should be considered weak. That includes a large majority of any dictionary word that any user might choose to use. Any password that is less than 16 characters is considered weak from a computational standpoint. That means that a password of "permutations" is just as weak as a password of "p3rmuTat10n5" if the attacker is testing for a full character set.

Second, not once in any of my arguments was I advocating for the use of a lone dictionary word. Certainly, if a user is using a lone dictionary word, regardless of any transformations, then it is theoretically weaker from the get go. However, brute-forcing based on transformations has many limitations and requires an extensive degree of assumptions and/or prior knowledge of the attack victim in order to be more successful than a sequential based approach using GPUs, FPGAs, or ASIC computing technologies. Performing logical transformations on a given wordlist is computationally more intensive than would be simply testing the hashes sequentially. Also, that's the work that would be required just to generate the wordlist and not counting the work that would then be needed to test the wordlist itself. So unless you have an extremely small targeted subset that you are looking to test, then you're better off performing a brute-force attack based on a specific character set.

If you would like to read a study that utilized a transform-based approach to demonstrate why password expirations are ineffective, a study out of UNC found they were able to successfully crack at least 41% of the passwords using their transform method to guess passwords based on previous ones. However, as I mentioned, the transform method they used relied on having previous knowledge of old passwords used, and to get those passwords they used more traditional (effective) methods of cracking (brute-forcing, dictionary attacks, and rainbow tables) when only given a list of hashes. Here is a link to the study. It is actually pretty interesting and a good case against password expirations:

http://cs.unc.edu/~fabian/papers/PasswordExpire.pdf

TLDR: Combined with the annoyance that expiration causes users, our evidence suggests it may be appropriate to do away with password expiration altogether, perhaps as a concession while requiring users to invest the effort to select a significantly stronger password than they would otherwise (e.g., a much longer passphrase).

I believe your original argument was against the case of using an algorithm that produces similar results across the passwords that it generated (which would be used across different sites). That was why I produced the math behind why that isn't as large of a risk as you posed it to be. This is because the attacker isn't going to know the pattern between passwords that get generated. Even if a given password were revealed to an attacker, they would have no idea of the algorithm used to generate it, as I showed above with two similar passwords using the same method, but using two different hashing methods. At any rate, there is still no argument against Length > Complexity that has been demonstrated as being convincing.

So yeah, "change them right this minute to something super awesome" is the most secure response, but it might be more practical for some folks, especially those who might not really know what a super awesome password really looks like, to document what they have first and let the tools assist with that process.

Fair enough. That is a good suggestion as well. The end justifies the means in this case, for sure. If the goal of using a password manager for a user is to move to stronger passwords that they otherwise wouldn't employ, then that is fair reasoning and is certainly logical, especially given your examples of the tools at hand.
« Last Edit: May 10, 2017, 06:37:35 AM by lifeanon269 »

Spork

  • Walrus Stache
  • *******
  • Posts: 5747
    • Spork In The Eye
Re: Choosing a password manager--advice needed
« Reply #40 on: May 10, 2017, 08:14:36 AM »

TLDR: Combined with the annoyance that expiration causes users, our evidence suggests it may be appropriate to do away with password expiration altogether, perhaps as a concession while requiring users to invest the effort to select a significantly stronger password than they would otherwise (e.g., a much longer passphrase).

I wholeheartedly agree and have argued expiration was wrong well before there were folks backing me up on it.  That said: Sometimes you DO need to scuttle a password.  And you need a method that supports a new password.  This is one of the issues I have with passphrase+static-domain style hash.  At some point, if your yahoo.com password was compromised (and it most likely was) you then have to remember to use passphrase+yahoo.com2 (or something similar).  I'm old.  Remembering all the fiddlybit facts like that is more than I can do.

I believe your original argument was against the case of using an algorithm that produces similar results across the passwords that it generated (which would be used across different sites). That was why I produced the math behind why that isn't as large of a risk as you posed it to be. This is because the attacker isn't going to know the pattern between passwords that get generated. Even if a given password were revealed to an attacker, they would have no idea of the algorithm used to generate it, as I showed above with two similar passwords using the same method, but using two different hashing methods. At any rate, there is still no argument against Length > Complexity that has been demonstrated as being convincing.

That was absolutely my argument.  And a dictionary word was a simplified example of how "length>complexity always" isn't the case.  It's "length>complexity usually".  You can generalize "dictionary" to be "predictable".  For example, while correcthorsebatterystaple may represent a good method of password generation, it's a terrible password.  It's not a dictionary word.  It's very long.  But it's in everyone's dictionary of passwords now. 

To generalize further: YOUR METHOD MAY BE ABSOLUTELY FINE.  I am making no claim to the contrary. But... if your actual algorithm were to become popular and someone were to find it highly predictable mathematically ... people would optimize their code for that method.  Predictability, by its nature, can shorten the password.  What appeared to be an 18 character password might turn out to effectively be a 12 character password mathematically. 

You're confident in your method.  You're happy.  It just wouldn't work for me -- even if it generates perfect passwords every time.  Our digression isn't really helping the OP's question, so I'll bow out.

wanderin1

  • 5 O'Clock Shadow
  • *
  • Posts: 61
Re: Choosing a password manager--advice needed
« Reply #41 on: May 10, 2017, 08:21:13 AM »
OP here--really learning a lot from this discussion of strong passwords.

What do you think of the chart below? It's from the non-profit organization Security in a Box. https://securityinabox.org/en/guide/passwords/

"The table below shows how much longer it may take a hacker to break a list of progressively more complex passwords by trying different combinations of the password one after another."

Sample password      | Time to crack with an everyday computer | Time to crack with a very fast computer
---------------------|-----------------------------------------|----------------------------------------
bananas              | Less than 1 day                         | Less than 1 day
bananalemonade       | 2 days                                  | Less than 1 day
BananaLemonade       | 3 months, 14 days                       | Less than 1 day
B4n4n4L3m0n4d3       | 3 centuries, 4 decades                  | 1 month, 26 days
We Have No Bananas   | 19151466 centuries                      | 3990 centuries
W3 H4v3 N0 B4n4n45   | 20210213722742 centuries                | 4210461192 centuries


Spork

  • Walrus Stache
  • *******
  • Posts: 5747
    • Spork In The Eye
Re: Choosing a password manager--advice needed
« Reply #42 on: May 10, 2017, 08:43:40 AM »
Without doing the actual math or looking at the current John the Ripper benchmarks, it seems plausible.


Personally, I have 2 "types" of passwords:
* ones I have to remember.  This list is short.  I'm old.  Remembering is not my wheelhouse.  This is literally something like:  "my login password on my desktop", "my pgp key", "my password manager password".  For these passwords, I use something similar to the last password there.  Usually it is longer, but I use a sentence -- and often substitute words as well as character permutations.  In other words, instead of an obfuscated "we have no bananas" -- I'd use the whole phrase and muck it up: "y3swehave,no4pples-we h4ven00rages2day".   
* the rest.  This is a long list.  At last check, my password manager had over 2000 passwords in it.  All random.  All of them as long and as complex as I can shoehorn into the site that is asking for them. 

meghan88

  • Pencil Stache
  • ****
  • Posts: 824
  • Location: Montreal
Re: Choosing a password manager--advice needed
« Reply #43 on: May 10, 2017, 08:51:04 AM »
What do you folks think of the idea of storing cryptic notes to accounts and passwords in a draft, within an email account from which messages are never received or sent?  And is not associated with a real name?

lifeanon269

  • Bristles
  • ***
  • Posts: 489
Re: Choosing a password manager--advice needed
« Reply #44 on: May 10, 2017, 09:21:56 AM »
Spork, fair enough. I think we're in agreement overall and we're probably just arguing over silly semantics and coming at it from two different angles. I agree that sometimes you are forced to reset a password for any number of reasons. Usually in those cases I simply add on the month or year depending on how often I foresee needing to reset the password for that account. Since the inputs can be anything, it gives some flexibility. However, like you said, you would then need to remember that you use the date for one website and not for another. Sometimes, as my script has matured, I've migrated the passwords for all my websites from one script version to another. So in the event of a breach, something similar could be done as well.

We can certainly agree that what works for me might not work for everyone. But, it is absolutely secure and I don't ever foresee the exact script I use becoming popular enough to become a target. Even if it did, the smallest of changes to it would completely change the derived outputs.


What do you folks think of the idea of storing cryptic notes to accounts and passwords in a draft, within an email account from which messages are never received or sent?  And is not associated with a real name?

I suppose it depends on how obvious it is that those messages are passwords. I used to do something similar before using the hashing method I talked about. I had a OneNote file that had ordinary notes throughout it that I used regularly for my notetaking. But, throughout the notes within were my passwords that no one would ever realize were actually passwords. Only I knew where to find them.

This concept is called steganography. It is more of a security-by-obscurity approach since it isn't really protecting the information with cryptography, only concealing it. Because of this, however, I would question using a dormant email account for this purpose only. Steganography really works best in situations where there is more data among which your private data can hide. If that email account were ever compromised, it might become terribly obvious what its purpose was, even if you used some cryptic forms of concealment in those draft emails.

A better steganographic option would be to use an actual email account that gets used and have actual emails received that you look to for your passwords. For example, if you received an email from Amazon.com, you could use the subject line of that specific email as your Amazon.com password. You could then place that email in a separate folder called "Orders" and no one would be the wiser. The same with your ebay.com password: put an ebay email in the "Orders" folder as well just to make it look like the orders folder serves a functional purpose.

Ultimately, it all comes down to just using longer, more secure passwords, and whatever means gets you there will work. Just don't be too reckless with where you store things. Attackers don't like work just as much as any mustachian here, so they'll always go after the lower hanging fruit first. Don't be that low hanging fruit! lol

Nothlit

  • Bristles
  • ***
  • Posts: 403
Re: Choosing a password manager--advice needed
« Reply #45 on: May 10, 2017, 09:38:14 AM »
I use Lastpass and it's saved me tons of time not being frustrated by trying to remember a password (or searching for that little scrap of paper where I listed it).

But I'm uneasy with the idea that my passwords are on their site, because who knows if it might get hacked.

http://keepass.info , NOT lastpass. Local-only storage beats any remote solution hands down in terms of security.

LastPass does not store your passwords on their site. Your passwords are stored in an encrypted blob of data that is only ever decrypted locally on your computer when you type your master password. Yes, that encrypted blob is stored on LastPass's servers, but a hacker who gains access to LastPass's site/servers would not be able to decrypt your encrypted blob unless they can also guess your master password, which is why it's important to choose a strong master password.

http://www.zdnet.com/article/lastpass-hit-by-password-stealing-and-code-execution-vulnerabilities/
https://www.grepular.com/LastPass_Vulnerability_Exposes_Account_Details
http://www.pcworld.com/article/3185731/security/lastpass-is-scrambling-to-fix-another-serious-vulnerability.html
etcetera

The bar is higher for web/browser based applications, and LastPass doesn't pass it. The most important LastPass attack vector just doesn't apply to Keepass at all.

Of course if malicious code gets running on the client side, all bets are off. That applies regardless of which password solution you use. I was referring to LastPass's server-side security, which was the concern I understood to be expressed by the posts I quoted.

I prefer to use LastPass because it syncs seamlessly between my computer at home, my computer at work, and my mobile devices. I'm not aware of an easy way to do this with Keepass absent some sort of DIY remote storage workaround (Dropbox, SFTP, etc.), which is a no-go for me as those kinds of protocols are blocked at work. I am aware that LastPass has had vulnerabilities, but they have responded swiftly to fix all of them, and I feel the benefits outweigh the relatively low risk of client-side compromise.
« Last Edit: May 10, 2017, 09:46:07 AM by Nothlit »

talltexan

  • Magnum Stache
  • ******
  • Posts: 4453
Re: Choosing a password manager--advice needed
« Reply #46 on: May 10, 2017, 11:20:03 AM »
Posting to follow. I am in the "typing names of all co-workers in a long string" school of thought. Until half of them retired last year.

GoingToMaine

  • 5 O'Clock Shadow
  • *
  • Posts: 75
  • Age: 43
  • Location: Virginia (for now)
Re: Choosing a password manager--advice needed
« Reply #47 on: May 10, 2017, 11:34:20 AM »
What do you folks think of the idea of storing cryptic notes to accounts and passwords in a draft, within an email account from which messages are never received or sent?  And is not associated with a real name?
I personally think that sounds like a lot of work for minimal security gain over using a tool that's designed to store passwords for you, so I wouldn't do it myself.  But if it works for you, it is a safe way to do things so go for it.

Spork

  • Walrus Stache
  • *******
  • Posts: 5747
    • Spork In The Eye
Re: Choosing a password manager--advice needed
« Reply #48 on: May 10, 2017, 12:10:56 PM »
What do you folks think of the idea of storing cryptic notes to accounts and passwords in a draft, within an email account from which messages are never received or sent?  And is not associated with a real name?
I personally think that sounds like a lot of work for minimal security gain over using a tool that's designed to store passwords for you, so I wouldn't do it myself.  But if it works for you, it is a safe way to do things so go for it.

I agree with GoingToMaine...  It's no different than having a folder full of notes and having one boring one entitled "2013 Summit on Managerial Effectiveness" that contains userids/passwords.  Unless you are extremely clever, it's going to look like userids and passwords.  And if a BadPerson™ knows enough about you to have a little bit of an idea what to look for... using an exhaustive search on the local hard drive for some key strings isn't that hard, regardless of where it might be hidden.

lifeanon269

  • Bristles
  • ***
  • Posts: 489
Re: Choosing a password manager--advice needed
« Reply #49 on: May 10, 2017, 12:31:56 PM »
Somewhere in this reply is my password. Only I know where in this reply my password is stored. An attacker, even with this message in plain sight, will never be able to determine what my password is or that there is even a password hidden here (if I hadn't mentioned it). It could be any number of characters and of any length. There are almost an infinite number of possibilities for password combinations within just this short message alone. Since only I know where the password starts and ends or in what order, it will remain secure. Now, obviously, if using this technique in the real world, I would not be talking about passwords and instead this message would just blend in with every other response here, but this demonstration of steganography still helps prove a point. Steganography has been used in communications for centuries. Generally the biggest weakness that steganography has is communicating where to find the message to the intended recipient in a secure manner. Since using this concept with regards to password security only involves one individual (me!), the biggest weakness is mitigated. The point is that if something is blended in among every other normal piece of data on a system, then even a skilled attacker who knows the user very well would never find it. It comes down more to usability, as GoingToMaine mentioned. If using this method, it would need to be something hidden among something else that is accessible whenever you'd need it. Also, you'd need to remember more information in your head in order to keep track of where to find all your passwords.

Sorry for the big block of text, it helped hide my secret better   ;)
« Last Edit: May 10, 2017, 12:39:34 PM by lifeanon269 »