Linked by Howard Fosdick on Sat 10th Nov 2012 07:28 UTC
Bugs & Viruses
If you want to ensure you have adequate passwords but don't have the time or interest to study the topic, there's a useful basic article on how to devise strong passwords over at the NY Times. It summarizes key points in 9 simple rules of thumb. Also see the follow-up article for useful reader feedback. Stay safe!
RE: Keepass2
by UltraZelda64 on Sun 11th Nov 2012 05:37 UTC in reply to "Keepass2"
UltraZelda64 Member since:
2006-12-05

> I have a strong password set up for the database, I always store any new login stuff in there, and I keep a copy of the database on my desktop, mobile phone, server and in the cloud so that even if one -- or even multiple -- devices were to break I'd still always have a copy somewhere. Also, the Android-app is handy on-the-go.

Yikes. I wouldn't want to store my passwords on my phone or laptop or any other computer I take with me even occasionally or on any USB thumb drive... but there's no way in hell you'd ever see me put all my passwords in a file up in the "cloud." Even if they were first encrypted in a database file. Just not gonna happen. I just don't have that kind of trust.

Edited 2012-11-11 05:54 UTC

Score: 2

RE[2]: Keepass2
by WereCatf on Sun 11th Nov 2012 08:56 in reply to "RE: Keepass2"
WereCatf Member since:
2006-02-15

> Yikes. I wouldn't want to store my passwords on my phone or laptop or any other computer I take with me even occasionally or on any USB thumb drive... but there's no way in hell you'd ever see me put all my passwords in a file up in the "cloud." Even if they were first encrypted in a database file. Just not gonna happen. I just don't have that kind of trust.


The Keepass2 password database is encrypted with 256-bit Twofish. You'd need a quantum computer to be able to crack that in any sort of a feasible time. No, using something like that Amazon cloud computing service would still need way more time for cracking that open than I have years left in me. Since there are no fully-functioning quantum computers yet, and I'm not a high-profile target anyways...

EDIT: Few links:
http://keepass.info/help/base/security.html
http://en.wikipedia.org/wiki/Twofish

Edited 2012-11-11 09:02 UTC

Score: 2

RE[2]: Keepass2
by Soulbender on Sun 11th Nov 2012 09:20 in reply to "RE: Keepass2"
Soulbender Member since:
2005-08-18

> Just not gonna happen. I just don't have that kind of trust.


That's the thing about encryption, you don't need trust.
The chances that your cloud provider will take so much interest in you that they will use all their computing power to break into your (hopefully Twofish or AES) encrypted password database is minuscule.
Even if they do you'll probably have changed all the passwords by the time they actually manage to brute-force it.

Score: 2

RE[3]: Keepass2
by UltraZelda64 on Sun 11th Nov 2012 10:06 in reply to "RE[2]: Keepass2"
UltraZelda64 Member since:
2006-12-05

> The chances that your cloud provider will take so much interest in you that they will use all their computing power to break into your (hopefully Twofish or AES) encrypted password database is minuscule.
> Even if they do you'll probably have changed all the passwords by the time they actually manage to brute-force it.

Who's to say it's the cloud provider that will try to do the snooping? I actually didn't mean that with what I originally said. These companies run public servers, and they're not exactly unknown servers... they're well-known, and up for potential attack from anyone, anywhere on the Internet. They're big, easy targets. It's security breaches I would be worried about when putting a file containing *all* of my passwords on a server somewhere on the Internet.

Someone just has to breach the server's security and then take what they can. They can then post all the files they can manage to get on a server somewhere where they and their cracker buddies download away and have a field day playing games seeing who can crack the most password files the fastest. And if there's ever a vulnerability found that allows crackers to easily break the encryption code and read the contents of the file... well, now every single one of your passwords can be found by just accessing one file that's been made publicly available on the Internet to anyone.

Edited 2012-11-11 10:17 UTC

Score: 2