LastPass Premium Offer

Doremon

Doremon

Adept
Jun 17, 2009
694
34
91
49
Oil city!
Feedback: 0 / 0 / 0
remembering password is not a big project but yes keeping trust on virtual digital world may be turn in big deal sometime.
there are few good method to make strong but easy to remember password. Let's combo vehicle no, vehicle type, vehicle brand, society name, favorite vacation place name, old school name etc etc
 
E

eXperience

Disciple
Nov 27, 2011
69
5
71
33
Feedback: 0 / 0 / 0
rdst_1 said:
That's why I use Keepass. It doesn't store anything online. Now all I need is to remember one password for my keepass database and I'm good to go. It also has an Android version and a plug-in for Firefox for auto-logins.
Click to expand...

Even Lastpass doesn't. Decryption takes places offline.
 
booo

booo

BA BA BA BABANANA
Skilled
Mar 4, 2008
2,232
3,055
478
Colodaro
Feedback: 8 / 0 / 0
eXperience said:
Even Lastpass doesn't. Decryption takes places offline.
Click to expand...
your statement doesnt make any sense. are you saying that last pass will upload the encrypted passwords?

any encrypted data with reversible encryption like DES or AES is not safe for storing passwords.
 
S

smnrock

Skilled
Apr 9, 2009
1,433
464
173
Feedback: 8 / 0 / 0
booo said:
your statement doesnt make any sense. are you saying that last pass will upload the encrypted passwords?

any encrypted data with reversible encryption like DES or AES is not safe for storing passwords.
Click to expand...
Does your statement? I know people talks here about theory... if you think you can break encryption based on 256 bit key, then i dont think anyone should transfer any data across https either.
 
booo

booo

BA BA BA BABANANA
Skilled
Mar 4, 2008
2,232
3,055
478
Colodaro
Feedback: 8 / 0 / 0
smnrock said:
Does your statement? I know people talks here about theory... if you think you can break encryption based on 256 bit key, then i dont think anyone should transfer any data across https either.
Click to expand...
the https encryption is short lived. TLS handshake generates a 256bit key on the fly after identifying itself. it is almost impossible to break it during the session.
on the other hand if you store the encrypted password, a person who gets access to it can run dictionary attack on the encrypted data for few days and get the password. there are tools available for this online. its not "just a theory". ever heard of john the ripper?
 
S

smnrock

Skilled
Apr 9, 2009
1,433
464
173
Feedback: 8 / 0 / 0
^^what are you talking? just few days for breaking 256 bit key based encryption? Please read the theory at least, before making such comments.
 
Top Bottom