Pages:
Author

Topic: Remembering all of those passwords without sacrificing security (Read 2617 times)

sr. member
Activity: 266
Merit: 250
Cloud storage without encryption is asking for trouble. I prefer to keep my important documents/files closer to home, but if needed, encryption/decryption is as easy as using PGP. Smiley
That's why a service like MEGA is a good option for safe encrypted cloud storage but for extra security you can put your files in a truecrypt container before you upload them.
Using multiple encryption types, that is encrypting an encrypted file can sometimes lead to the inability to decrypt the originally encrypted file as encryption can sometimes make small changes to a file that would normally be unnoticeable but can be the difference between not being able to decrypt and being able to decrypt a file.   

Is that a real risk? I mean, I have read lots of people suggesting to use multiple encryption (like 7zip + truescrypt).
The chances are much smaller and it doesn't really happen very much anymore with modern encryption technology but it is still possible. 
sr. member
Activity: 294
Merit: 250
I wouldn't take my word for it: I'm not an expert. It just seems unlikely to me.

If you encrypt a file multiple times then as long as you use the correct password and software for each decryption layer you should end up with a copy of the original, unencrypted file.

Otherwise, what's the point?

legendary
Activity: 896
Merit: 1000
Proper encryption should be lossless, or else what's the point of it if it can't be accurately decrypted. So, in effect, the file should restore exactly as it was before encryption. I've not heard of any danger of doubly encrypting a file.

I see. Thanks a lot for your quick clarification. Smiley
sr. member
Activity: 294
Merit: 250
Proper encryption should be lossless, or else what's the point of it if it can't be accurately decrypted. So, in effect, the file should restore exactly as it was before encryption. I've not heard of any danger of doubly encrypting a file.
legendary
Activity: 896
Merit: 1000
Cloud storage without encryption is asking for trouble. I prefer to keep my important documents/files closer to home, but if needed, encryption/decryption is as easy as using PGP. Smiley
That's why a service like MEGA is a good option for safe encrypted cloud storage but for extra security you can put your files in a truecrypt container before you upload them.
Using multiple encryption types, that is encrypting an encrypted file can sometimes lead to the inability to decrypt the originally encrypted file as encryption can sometimes make small changes to a file that would normally be unnoticeable but can be the difference between not being able to decrypt and being able to decrypt a file.   

Is that a real risk? I mean, I have read lots of people suggesting to use multiple encryption (like 7zip + truescrypt).
sr. member
Activity: 266
Merit: 250
Cloud storage without encryption is asking for trouble. I prefer to keep my important documents/files closer to home, but if needed, encryption/decryption is as easy as using PGP. Smiley

That's why a service like MEGA is a good option for safe encrypted cloud storage but for extra security you can put your files in a truecrypt container before you upload them.
Using multiple encryption types, that is encrypting an encrypted file can sometimes lead to the inability to decrypt the originally encrypted file as encryption can sometimes make small changes to a file that would normally be unnoticeable but can be the difference between not being able to decrypt and being able to decrypt a file.   
sr. member
Activity: 644
Merit: 260
1 -If the key to decrypt the file is held on your computer then in the event that your computer crashes (all data lost) then you would lose your file.

2 -If all you need is a password to decrypt the file (similar to a brain wallet) then all an attacker would need would be the password instead of the private key. The attacker could simply brute force the password instead of brute forcing the private key to decrypt the file.

True and true.
And so the password I use to encrypt is a very long password (20+ characters, with special characters) that only I know and I am pretty sure I won't forget it ever (as it has some special meaning to me but just random characters to others).
If your passwords were valuable enough then an attacker could invent/buy a ASIC type device that is designed for brute forcing passwords with your type of encryption

You could use truecrypt and employ AES-Twofish-Serpent then.
Of course it is still possible to crack all the three algorithms or simply brute-force your long password, but it is highly unlikely IMO.
I would say the trick would be to try to hide the type of encryption is being used.
hero member
Activity: 612
Merit: 500
1 -If the key to decrypt the file is held on your computer then in the event that your computer crashes (all data lost) then you would lose your file.

2 -If all you need is a password to decrypt the file (similar to a brain wallet) then all an attacker would need would be the password instead of the private key. The attacker could simply brute force the password instead of brute forcing the private key to decrypt the file.

True and true.
And so the password I use to encrypt is a very long password (20+ characters, with special characters) that only I know and I am pretty sure I won't forget it ever (as it has some special meaning to me but just random characters to others).
If your passwords were valuable enough then an attacker could invent/buy a ASIC type device that is designed for brute forcing passwords with your type of encryption

You could use truecrypt and employ AES-Twofish-Serpent then.
Of course it is still possible to crack all the three algorithms or simply brute-force your long password, but it is highly unlikely IMO.
sr. member
Activity: 644
Merit: 260
1 -If the key to decrypt the file is held on your computer then in the event that your computer crashes (all data lost) then you would lose your file.

2 -If all you need is a password to decrypt the file (similar to a brain wallet) then all an attacker would need would be the password instead of the private key. The attacker could simply brute force the password instead of brute forcing the private key to decrypt the file.

True and true.
And so the password I use to encrypt is a very long password (20+ characters, with special characters) that only I know and I am pretty sure I won't forget it ever (as it has some special meaning to me but just random characters to others).
If your passwords were valuable enough then an attacker could invent/buy a ASIC type device that is designed for brute forcing passwords with your type of encryption
sr. member
Activity: 350
Merit: 250
Decentralized thinking
Cloud storage without encryption is asking for trouble. I prefer to keep my important documents/files closer to home, but if needed, encryption/decryption is as easy as using PGP. Smiley

That's why a service like MEGA is a good option for safe encrypted cloud storage but for extra security you can put your files in a truecrypt container before you upload them.
legendary
Activity: 1036
Merit: 1000
Thug for life!
Cloud storage without encryption is asking for trouble. I prefer to keep my important documents/files closer to home, but if needed, encryption/decryption is as easy as using PGP. Smiley
hero member
Activity: 625
Merit: 500
1 -If the key to decrypt the file is held on your computer then in the event that your computer crashes (all data lost) then you would lose your file.

2 -If all you need is a password to decrypt the file (similar to a brain wallet) then all an attacker would need would be the password instead of the private key. The attacker could simply brute force the password instead of brute forcing the private key to decrypt the file.

True and true.
And so the password I use to encrypt is a very long password (20+ characters, with special characters) that only I know and I am pretty sure I won't forget it ever (as it has some special meaning to me but just random characters to others).
sr. member
Activity: 644
Merit: 260
Many people look to cloud storage for this. IMO this is a horrible idea as your cloud storage account could get hacked at any time and/or the NSA/government could be snooping around in your private information.


You should really first encrypt the files (use 7zip for example) before putting it on cloud storage.
You have a couple of issues with this.

1 -If the key to decrypt the file is held on your computer then in the event that your computer crashes (all data lost) then you would lose your file.

2 -If all you need is a password to decrypt the file (similar to a brain wallet) then all an attacker would need would be the password instead of the private key. The attacker could simply brute force the password instead of brute forcing the private key to decrypt the file.
hero member
Activity: 625
Merit: 500
Many people look to cloud storage for this. IMO this is a horrible idea as your cloud storage account could get hacked at any time and/or the NSA/government could be snooping around in your private information.


You should really first encrypt the files (use 7zip for example) before putting it on cloud storage.
sr. member
Activity: 644
Merit: 260
+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley

If you lose your credentials to your keepass then you will lose your credentials to everything. If your keepass file somehow gets corrupted or otherwise inaccessible then you will lose access to everything.

You can always write all your password down on a piece of paper and place it somewhere which is secure.

Thats why its always good to backup the database from time to time on a cloud like MEGA

Exactly.
You should always backup all your important files (bitcoin wallet, password lists in keepass, etc) as your computer can fail at any second.
Many people look to cloud storage for this. IMO this is a horrible idea as your cloud storage account could get hacked at any time and/or the NSA/government could be snooping around in your private information.
hero member
Activity: 625
Merit: 500
+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley

If you lose your credentials to your keepass then you will lose your credentials to everything. If your keepass file somehow gets corrupted or otherwise inaccessible then you will lose access to everything.

You can always write all your password down on a piece of paper and place it somewhere which is secure.

Thats why its always good to backup the database from time to time on a cloud like MEGA

Exactly.
You should always backup all your important files (bitcoin wallet, password lists in keepass, etc) as your computer can fail at any second.
sr. member
Activity: 266
Merit: 250
This is why I like the idea of requiring a fingerprint for everything. Theoretically, it should be harder to steal somebody's thumb than to hack most people's passwords, simply because you might steal their money but they might give you a fight if you demand their thumb too. Even so, it might still be a good idea to use 2FA for everything, but at least if you use fingerprints, you won't have to worry about remembering a password.
A fingerprint password is really nothing more then a picture of your finger.


Also since most people touch a lot of things every day it would not be difficult to simply lift someone's fingerprint after they touch it. If someone were to get a hold of your fingerprints like this then you would have no way of chaining your password. When someone figures out your password you can simply change your password.
member
Activity: 98
Merit: 10
★☆★Bitin.io★☆★
I actually use a bitcoin address for the really important stuff. It is written down in a paper in my home office. It is kind of a pain to type it each time but I don't log into my banking and credit card stuff very often anyway.
newbie
Activity: 26
Merit: 0
I use lastpass and have no complaints..
You can also try oldschool style, just get a notebook  Tongue
member
Activity: 112
Merit: 10
This is why I like the idea of requiring a fingerprint for everything. Theoretically, it should be harder to steal somebody's thumb than to hack most people's passwords, simply because you might steal their money but they might give you a fight if you demand their thumb too. Even so, it might still be a good idea to use 2FA for everything, but at least if you use fingerprints, you won't have to worry about remembering a password.
Pages:
Jump to: