
Topic: Password Managers (Read 964 times)

b!z
legendary
Activity: 1582
Merit: 1010
September 11, 2013, 06:53:59 AM
#11
trying keepass, I love it already :D thanks for mentioning it!

Yeah that's a good one. I don't know how I forgot to mention it.
full member
Activity: 238
Merit: 100
September 10, 2013, 12:18:13 PM
#10
trying keepass, I love it already :D thanks for mentioning it!
full member
Activity: 238
Merit: 100
September 10, 2013, 11:14:41 AM
#9
I use my brain/truecrypted excel and lastpass for trash sites :)
hero member
Activity: 504
Merit: 500
September 10, 2013, 10:06:27 AM
#8
KeePassX on Linux and KeePass on Windows, the databases are compatible.
You can also use a deterministic chain (brainwallet) created from a passphrase as values, and for username/website you create a plain list like:
gmail  bob123  1 (password is the first value from the chain)
yahoo  bob234  2
legendary
Activity: 1288
Merit: 1007
September 10, 2013, 07:46:43 AM
#7
I wrote my own. I enter the location I'm using the password (website, BTC wallet's address, etc), along with my universal password, and it's hashed, then encoded to base64, shortened to 18 characters, and then a percent sign is inserted in the middle for sites that require a special character. Say my "universal" password (used to generate the per-site passwords) was "hello". My password for bitcointalk would be "YjNlY2MwM%WWpObFkyT". Using the same password, my password for reddit would be OTNlODU4M%T1RObE9EV.

Advantages over traditional password managers:
- Can use it anywhere (I made a javascript version that I put on a subdomain of my personal domain so I can use it on any computer should I need it in an emergency)
- No password database (since the passwords are generated using the same info every time, I can theoretically store something like 10^100000000000 passwords without using more disk space than the 10kb program)

Similarities to traditional password managers:
- One password for everything

Disadvantages to traditional password managers:
- Can't generate a new password for a site without changing my universal password (say my hypothetical reddit password, OTNlODU4M%T1RObE9EV, is compromised. I would need to start using the key "reddit2" if I wanted to change it. This has happened before when I accidentally pasted the password into IRC, but nobody knows where it goes and the site isn't very important.)
- Security is hypothetical. My passwords should be very secure, because they're based upon SHA256 hashes salted with my "universal" password. But "roll your own" encryption is always inadvisable.
Not bad! I might try this myself!
b!z
legendary
Activity: 1582
Merit: 1010
September 10, 2013, 06:55:52 AM
#6
LastPass, or your brain.
legendary
Activity: 1890
Merit: 1072
Ian Knowles - CIYAM Lead Developer
September 09, 2013, 10:26:05 PM
#5
- Security is hypothetical. My passwords should be very secure, because they're based upon SHA256 hashes salted with my "universal" password. But "roll your own" encryption is always inadvisable.

Note that the word "salt" here is not what is generally meant in encryption nowadays (the usual meaning now is a random nonce or timestamp that is stored *unencrypted* to be mixed in with the password in order to prevent the creation of "rainbow tables").

I do something similar using an "encrypted seed" (whose initial value was obtained from /dev/random) which is encrypted by the "universal password" - the decrypted seed then has characters appended to identify the website (e.g. "bt" for Bitcointalk although normally I'd use more characters) and then the concatenated string is put through a number of hash rounds.
sr. member
Activity: 350
Merit: 251
September 09, 2013, 10:20:18 PM
#4
I wrote my own. I enter the location I'm using the password (website, BTC wallet's address, etc), along with my universal password, and it's hashed, then encoded to base64, shortened to 18 characters, and then a percent sign is inserted in the middle for sites that require a special character. Say my "universal" password (used to generate the per-site passwords) was "hello". My password for bitcointalk would be "YjNlY2MwM%WWpObFkyT". Using the same password, my password for reddit would be OTNlODU4M%T1RObE9EV.

Advantages over traditional password managers:
- Can use it anywhere (I made a javascript version that I put on a subdomain of my personal domain so I can use it on any computer should I need it in an emergency)
- No password database (since the passwords are generated using the same info every time, I can theoretically store something like 10^100000000000 passwords without using more disk space than the 10kb program)

Similarities to traditional password managers:
- One password for everything

Disadvantages to traditional password managers:
- Can't generate a new password for a site without changing my universal password (say my hypothetical reddit password, OTNlODU4M%T1RObE9EV, is compromised. I would need to start using the key "reddit2" if I wanted to change it. This has happened before when I accidentally pasted the password into IRC, but nobody knows where it goes and the site isn't very important.)
- Security is hypothetical. My passwords should be very secure, because they're based upon SHA256 hashes salted with my "universal" password. But "roll your own" encryption is always inadvisable.
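
Added example, not code from any poster in this thread: the single-hash derivation described in post #4 next to a seeded, stretched variant along the lines of post #5, with a check of whether one leaked site password lets a wordlist recover the universal password. The concatenation order, encodings, PBKDF2 round count, counter field, `SEED` and `WORDLIST` are assumptions, and the naive function is not claimed to reproduce the strings quoted in the post.

```python
import base64
import hashlib
import hmac

def naive_password(universal: str, site: str) -> str:
    # Assumed reading of post #4: SHA-256(site + universal), base64,
    # cut to 18 characters, '%' inserted in the middle.
    digest = hashlib.sha256((site + universal).encode()).digest()
    b64 = base64.b64encode(digest).decode()
    return b64[:9] + "%" + b64[9:18]

def seeded_password(universal: str, site: str, seed: bytes,
                    counter: int = 1, rounds: int = 600_000) -> str:
    # Stretch the universal password with a stored random seed as salt
    # (the "number of hash rounds" idea, here PBKDF2-HMAC-SHA256).
    master = hashlib.pbkdf2_hmac("sha256", universal.encode(), seed, rounds)
    # HMAC keeps site name and counter apart from the secret; bumping the
    # counter rotates one site's password without renaming the site.
    label = f"{site}\x00{counter}".encode()
    raw = hmac.new(master, label, hashlib.sha256).digest()
    b64 = base64.urlsafe_b64encode(raw).decode()
    return b64[:9] + "%" + b64[9:18]

def recover_universal(leaked: str, site: str, candidates, derive):
    """Return the candidate whose derived password equals `leaked`, else None."""
    for guess in candidates:
        if hmac.compare_digest(derive(guess, site), leaked):
            return guess
    return None

# Constructed sample data; only "hello" comes from the thread's own example.
SEED = bytes.fromhex("00112233445566778899aabbccddeeff")  # stands in for /dev/random output
WORDLIST = ["password", "letmein", "hello", "qwerty"]

if __name__ == "__main__":
    leaked = naive_password("hello", "reddit")
    print("naive, recovered:",
          recover_universal(leaked, "reddit", WORDLIST, naive_password))
    leaked = seeded_password("hello", "reddit", SEED)
    without_seed = lambda g, s: seeded_password(g, s, b"\x00" * 16)
    print("seeded, recovered:",
          recover_universal(leaked, "reddit", WORDLIST, without_seed))
    print("rotated:", seeded_password("hello", "reddit", SEED, counter=2))
```

With the single hash, a leaked site password is enough to test guesses of the universal password offline; with the seeded variant the guesser also needs the seed, and each guess costs `rounds` hash iterations.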
legendary
Activity: 1288
Merit: 1007
September 08, 2013, 04:15:11 PM
#3
legendary
Activity: 1176
Merit: 1233
May Bitcoin be touched by his Noodly Appendage
September 08, 2013, 03:55:35 PM
#2
legendary
Activity: 1288
Merit: 1007
September 08, 2013, 03:33:49 PM
#1
Which one do you currently use or recommend, if any at all? Currently I am using Dashlane, but I've heard a lot about 1Password and LastPass. Dashlane, the one I'm trying out, has an iPhone app, which is why I use it. If you want to try it, you can use my referral link so that we both get 6 months of free premium.

So, do you use any password manager, and why?