Author

Topic: Password Managers (Read 995 times)

b!z
legendary
Activity: 1582
Merit: 1010
September 11, 2013, 05:53:59 AM
#11
trying keepass, I love it already Cheesy thanks for mentioning it!

Yeah that's a good one. i don't know how i forgot to mention it.
full member
Activity: 238
Merit: 100
September 10, 2013, 11:18:13 AM
#10
trying keepass, I love it already Cheesy thanks for mentioning it!
full member
Activity: 238
Merit: 100
September 10, 2013, 10:14:41 AM
#9
I use my brain/truecrypted excel and lastpass for trash sites Smiley
hero member
Activity: 504
Merit: 500
September 10, 2013, 09:06:27 AM
#8
KeePassX on linux and KeePass on windows, the databases are compatible.
You can use also a deterministic chain(brainwallet) created from a passphrase as values and for username/website you create a plain list like.
gmail  bob123  1(password is the the first value from the chain)
yahoo bob234  2
legendary
Activity: 1302
Merit: 1007
September 10, 2013, 06:46:43 AM
#7
I wrote my own. I enter the location I'm using the password (website, BTC wallet's address, etc), along with my universal password, and it's hashed, then encoded to base64, shortened to 18 characters, and then a percent sign is inserted in the middle for sites that require a special character. Say my "universal" password (used to generate the per-site passwords) was "hello". My password for bitcointalk would be "YjNlY2MwM%WWpObFkyT". Using the same password, my password for reddit would be OTNlODU4M%T1RObE9EV.

Advantages over traditional password managers:
- Can use it anywhere (I made a javascript version that I put on a subdomain of my personal domain so I can use it on any computer should I need it in an emergency)
- No password database (since the passwords are generated using the same info every time, I can theoretically store something like 10^100000000000 passwords without using more disk space than the 10kb program

Similarities to traditional password managers:
- One password for everything

Disadvantages to traditional password managers:
- Can't generate a new password for a site without changing my universal password (say my hypothetical reddit password, OTNlODU4M%T1RObE9EV, is compromised. I would need to start using the key "reddit2" if I wanted to change it. This has happened before when I accidentally pasted the password into IRC, but nobody knows where it goes and the site isn't very important.)
- Security is hypothetical. My passwords should be very secure, because they're based upon SHA256 hashes salted with my "universal" password. But "roll your own" encryption is always inadvisable.
Not bad! I might try this myself!
b!z
legendary
Activity: 1582
Merit: 1010
September 10, 2013, 05:55:52 AM
#6
LastPass, or your brain.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 09, 2013, 09:26:05 PM
#5
- Security is hypothetical. My passwords should be very secure, because they're based upon SHA256 hashes salted with my "universal" password. But "roll your own" encryption is always inadvisable.

Note that the world "salt" here is not what is generally meant in encryption nowadays (the usual meaning now is a random nonce or timestamp that is stored *unencrypted* to be mixed in with the password in order to prevent the creation of "rainbow tables").

I do something similar using an "encrypted seed" (whose initial value was obtained from /dev/random) which is encrypted by the "universal password" - the decrypted seed then has characters appended to identify the website (e.g. "bt" for Bitcointalk although normally I'd use more characters) and then the concatenated string is put through a number of hash rounds.
sr. member
Activity: 350
Merit: 251
September 09, 2013, 09:20:18 PM
#4
I wrote my own. I enter the location I'm using the password (website, BTC wallet's address, etc), along with my universal password, and it's hashed, then encoded to base64, shortened to 18 characters, and then a percent sign is inserted in the middle for sites that require a special character. Say my "universal" password (used to generate the per-site passwords) was "hello". My password for bitcointalk would be "YjNlY2MwM%WWpObFkyT". Using the same password, my password for reddit would be OTNlODU4M%T1RObE9EV.

Advantages over traditional password managers:
- Can use it anywhere (I made a javascript version that I put on a subdomain of my personal domain so I can use it on any computer should I need it in an emergency)
- No password database (since the passwords are generated using the same info every time, I can theoretically store something like 10^100000000000 passwords without using more disk space than the 10kb program

Similarities to traditional password managers:
- One password for everything

Disadvantages to traditional password managers:
- Can't generate a new password for a site without changing my universal password (say my hypothetical reddit password, OTNlODU4M%T1RObE9EV, is compromised. I would need to start using the key "reddit2" if I wanted to change it. This has happened before when I accidentally pasted the password into IRC, but nobody knows where it goes and the site isn't very important.)
- Security is hypothetical. My passwords should be very secure, because they're based upon SHA256 hashes salted with my "universal" password. But "roll your own" encryption is always inadvisable.
legendary
Activity: 1302
Merit: 1007
September 08, 2013, 03:15:11 PM
#3
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
September 08, 2013, 02:55:35 PM
#2
legendary
Activity: 1302
Merit: 1007
September 08, 2013, 02:33:49 PM
#1
Which one do you currently use or recommend, if any at all? Currently I am using Dashlane, but I've heard a lot about 1Password and LastPass. Dashlane, the one I'm trying out has an iPhone App, which is why I use it. If you want to try it, you can use my referral link so that we both get 6 months of free premium.

So, do you use any password manager, and why?
Jump to: