
Topic: Remembering all of those passwords without sacrificing security (Read 2614 times)

sr. member
Activity: 266
Merit: 250
Cloud storage without encryption is asking for trouble. I prefer to keep my important documents/files closer to home, but if needed, encryption/decryption is as easy as using PGP.
That's why a service like MEGA is a good option for safe encrypted cloud storage but for extra security you can put your files in a truecrypt container before you upload them.
Using multiple encryption types, that is encrypting an encrypted file can sometimes lead to the inability to decrypt the originally encrypted file as encryption can sometimes make small changes to a file that would normally be unnoticeable but can be the difference between not being able to decrypt and being able to decrypt a file.   

Is that a real risk? I mean, I have read lots of people suggesting to use multiple encryption (like 7zip + truecrypt).
The chances are much smaller and it doesn't really happen very much anymore with modern encryption technology but it is still possible. 
sr. member
Activity: 294
Merit: 250
I wouldn't take my word for it: I'm not an expert. It just seems unlikely to me.

If you encrypt a file multiple times then as long as you use the correct password and software for each decryption layer you should end up with a copy of the original, unencrypted file.

Otherwise, what's the point?
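
Added example, not written by any poster in this thread: a two-layer encrypt/decrypt round trip in Python, using a toy password-based stream cipher (PBKDF2 plus HMAC-SHA256) as a stand-in for the 7zip and truecrypt layers discussed here. The passphrases, iteration count and sample data are constructed; it shows that layering is lossless and that a damaged file is reported as such instead of decrypting to garbage.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed demo value; higher costs a password guesser more

def _keys(password, salt):
    # Stretch the password into separate encryption and MAC keys.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return dk[:32], dk[32:]

def _xor_stream(key, nonce, data):
    # Toy stream cipher: HMAC-SHA256 in counter mode, XORed with the data.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(password, plaintext):
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    body = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    return salt + nonce + body + tag

def unseal(password, blob):
    if len(blob) < 64:
        raise ValueError("blob too short")
    salt, nonce, body, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or damaged data")
    return _xor_stream(enc_key, nonce, body)

def demo():
    original = b"constructed sample data, not a real wallet\n" * 4
    layered = seal("outer passphrase", seal("inner passphrase", original))
    restored = unseal("inner passphrase", unseal("outer passphrase", layered))
    damaged = bytearray(layered)
    damaged[40] ^= 0x01  # one flipped bit, e.g. a bad upload or failing disk
    try:
        unseal("outer passphrase", bytes(damaged))
        detected = False
    except ValueError:
        detected = True
    return restored == original, detected

if __name__ == "__main__":
    print(demo())
```
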

legendary
Activity: 896
Merit: 1000
Proper encryption should be lossless, or else what's the point of it if it can't be accurately decrypted. So, in effect, the file should restore exactly as it was before encryption. I've not heard of any danger of doubly encrypting a file.

I see. Thanks a lot for your quick clarification.
sr. member
Activity: 294
Merit: 250
Proper encryption should be lossless, or else what's the point of it if it can't be accurately decrypted. So, in effect, the file should restore exactly as it was before encryption. I've not heard of any danger of doubly encrypting a file.
legendary
Activity: 896
Merit: 1000
Cloud storage without encryption is asking for trouble. I prefer to keep my important documents/files closer to home, but if needed, encryption/decryption is as easy as using PGP.
That's why a service like MEGA is a good option for safe encrypted cloud storage but for extra security you can put your files in a truecrypt container before you upload them.
Using multiple encryption types, that is encrypting an encrypted file can sometimes lead to the inability to decrypt the originally encrypted file as encryption can sometimes make small changes to a file that would normally be unnoticeable but can be the difference between not being able to decrypt and being able to decrypt a file.   

Is that a real risk? I mean, I have read lots of people suggesting to use multiple encryption (like 7zip + truecrypt).
sr. member
Activity: 266
Merit: 250
Cloud storage without encryption is asking for trouble. I prefer to keep my important documents/files closer to home, but if needed, encryption/decryption is as easy as using PGP.

That's why a service like MEGA is a good option for safe encrypted cloud storage but for extra security you can put your files in a truecrypt container before you upload them.
Using multiple encryption types, that is encrypting an encrypted file can sometimes lead to the inability to decrypt the originally encrypted file as encryption can sometimes make small changes to a file that would normally be unnoticeable but can be the difference between not being able to decrypt and being able to decrypt a file.   
sr. member
Activity: 644
Merit: 260
1 -If the key to decrypt the file is held on your computer then in the event that your computer crashes (all data lost) then you would lose your file.

2 -If all you need is a password to decrypt the file (similar to a brain wallet) then all an attacker would need would be the password instead of the private key. The attacker could simply brute force the password instead of brute forcing the private key to decrypt the file.

True and true.
And so the password I use to encrypt is a very long password (20+ characters, with special characters) that only I know and I am pretty sure I won't forget it ever (as it has some special meaning to me but just random characters to others).
If your passwords were valuable enough then an attacker could invent/buy an ASIC type device that is designed for brute forcing passwords with your type of encryption.

You could use truecrypt and employ AES-Twofish-Serpent then.
Of course it is still possible to crack all the three algorithms or simply brute-force your long password, but it is highly unlikely IMO.
I would say the trick would be to try to hide the type of encryption being used.
hero member
Activity: 612
Merit: 500
1 -If the key to decrypt the file is held on your computer then in the event that your computer crashes (all data lost) then you would lose your file.

2 -If all you need is a password to decrypt the file (similar to a brain wallet) then all an attacker would need would be the password instead of the private key. The attacker could simply brute force the password instead of brute forcing the private key to decrypt the file.

True and true.
And so the password I use to encrypt is a very long password (20+ characters, with special characters) that only I know and I am pretty sure I won't forget it ever (as it has some special meaning to me but just random characters to others).
If your passwords were valuable enough then an attacker could invent/buy an ASIC type device that is designed for brute forcing passwords with your type of encryption.

You could use truecrypt and employ AES-Twofish-Serpent then.
Of course it is still possible to crack all the three algorithms or simply brute-force your long password, but it is highly unlikely IMO.
sr. member
Activity: 644
Merit: 260
1 -If the key to decrypt the file is held on your computer then in the event that your computer crashes (all data lost) then you would lose your file.

2 -If all you need is a password to decrypt the file (similar to a brain wallet) then all an attacker would need would be the password instead of the private key. The attacker could simply brute force the password instead of brute forcing the private key to decrypt the file.

True and true.
And so the password I use to encrypt is a very long password (20+ characters, with special characters) that only I know and I am pretty sure I won't forget it ever (as it has some special meaning to me but just random characters to others).
If your passwords were valuable enough then an attacker could invent/buy an ASIC type device that is designed for brute forcing passwords with your type of encryption.
sr. member
Activity: 350
Merit: 250
Decentralized thinking
Cloud storage without encryption is asking for trouble. I prefer to keep my important documents/files closer to home, but if needed, encryption/decryption is as easy as using PGP.

That's why a service like MEGA is a good option for safe encrypted cloud storage but for extra security you can put your files in a truecrypt container before you upload them.
legendary
Activity: 1036
Merit: 1000
Thug for life!
Cloud storage without encryption is asking for trouble. I prefer to keep my important documents/files closer to home, but if needed, encryption/decryption is as easy as using PGP.
hero member
Activity: 625
Merit: 500
1 -If the key to decrypt the file is held on your computer then in the event that your computer crashes (all data lost) then you would lose your file.

2 -If all you need is a password to decrypt the file (similar to a brain wallet) then all an attacker would need would be the password instead of the private key. The attacker could simply brute force the password instead of brute forcing the private key to decrypt the file.

True and true.
And so the password I use to encrypt is a very long password (20+ characters, with special characters) that only I know and I am pretty sure I won't forget it ever (as it has some special meaning to me but just random characters to others).
sr. member
Activity: 644
Merit: 260
Many people look to cloud storage for this. IMO this is a horrible idea as your cloud storage account could get hacked at any time and/or the NSA/government could be snooping around in your private information.


You should really first encrypt the files (use 7zip for example) before putting it on cloud storage.
You have a couple of issues with this.

1 -If the key to decrypt the file is held on your computer then in the event that your computer crashes (all data lost) then you would lose your file.

2 -If all you need is a password to decrypt the file (similar to a brain wallet) then all an attacker would need would be the password instead of the private key. The attacker could simply brute force the password instead of brute forcing the private key to decrypt the file.
hero member
Activity: 625
Merit: 500
Many people look to cloud storage for this. IMO this is a horrible idea as your cloud storage account could get hacked at any time and/or the NSA/government could be snooping around in your private information.


You should really first encrypt the files (use 7zip for example) before putting it on cloud storage.
sr. member
Activity: 644
Merit: 260
+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it.

If you lose your credentials to your keepass then you will lose your credentials to everything. If your keepass file somehow gets corrupted or otherwise inaccessible then you will lose access to everything.

You can always write all your passwords down on a piece of paper and place it somewhere which is secure.

That's why it's always good to back up the database from time to time on a cloud like MEGA.

Exactly.
You should always back up all your important files (bitcoin wallet, password lists in keepass, etc) as your computer can fail at any second.
Many people look to cloud storage for this. IMO this is a horrible idea as your cloud storage account could get hacked at any time and/or the NSA/government could be snooping around in your private information.
hero member
Activity: 625
Merit: 500
+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it.

If you lose your credentials to your keepass then you will lose your credentials to everything. If your keepass file somehow gets corrupted or otherwise inaccessible then you will lose access to everything.

You can always write all your passwords down on a piece of paper and place it somewhere which is secure.

That's why it's always good to back up the database from time to time on a cloud like MEGA.

Exactly.
You should always back up all your important files (bitcoin wallet, password lists in keepass, etc) as your computer can fail at any second.
sr. member
Activity: 266
Merit: 250
This is why I like the idea of requiring a fingerprint for everything. Theoretically, it should be harder to steal somebody's thumb than to hack most people's passwords, simply because you might steal their money but they might give you a fight if you demand their thumb too. Even so, it might still be a good idea to use 2FA for everything, but at least if you use fingerprints, you won't have to worry about remembering a password.
A fingerprint password is really nothing more than a picture of your finger.

Also since most people touch a lot of things every day it would not be difficult to simply lift someone's fingerprint after they touch it. If someone were to get a hold of your fingerprints like this then you would have no way of changing your password. When someone figures out your password you can simply change your password.
member
Activity: 98
Merit: 10
★☆★Bitin.io★☆★
I actually use a bitcoin address for the really important stuff. It is written down on a paper in my home office. It is kind of a pain to type it each time but I don't log into my banking and credit card stuff very often anyway.
newbie
Activity: 26
Merit: 0
I use lastpass and have no complaints.
You can also try old-school style, just get a notebook.
member
Activity: 112
Merit: 10
This is why I like the idea of requiring a fingerprint for everything. Theoretically, it should be harder to steal somebody's thumb than to hack most people's passwords, simply because you might steal their money but they might give you a fight if you demand their thumb too. Even so, it might still be a good idea to use 2FA for everything, but at least if you use fingerprints, you won't have to worry about remembering a password.