Morning Safety Dance


7. Re: Morning Safety Dance Aug 22, 2012, 23:02 eRe4s3r
 
If someone hacks your gmail account they could make your steam account unrestorable though.. which is why you always have different PW's.

And yeah, lastpass like any other online service can be hacked or broken by MITM. But it's mainly a tool to not write down or have easy to remember passwords. If you use lastpass, your passwords will never be found by the methods described in this article. With 14 random characters entropy is already extreme, and that's assuming sites don't have a protection against guessing attacks (Gmail and Paypal/Steam do) and the chance someone has the matching hash for YOUR random 14+ password is very unlikely.

There'll never be a rainbow table of 14+ long random passwords. Never. Unless disk sizes rise massively. And if something gets hacked, with lastpass it's just finding change pw, hit gen new key, and be done with it. Obviously rotate the master password every now and then. And as you say, without the master PW, nobody can actually ACCESS the data in lastpass. Lastpass does not even know the data because it decrypts it via masterpass. So all that hack did was leak encrypted pw's. Not unsalted hashes.

 
 
6. Re: Morning Safety Dance Aug 22, 2012, 11:20 Prez
 
Who are they calling "crackers", huh?!?
 
Goodbye my Monte boy. May you rest in the peace you never knew in life.
 
5. Re: Morning Safety Dance Aug 22, 2012, 09:44 Verno
 
eRe4s3r wrote on Aug 21, 2012, 23:32:
Use lastpass? more than 14 character mixed case, mixed letters, mixed numbers passwords.. for paypal email and important stuff, it's even 20+ characters. Entropy is so high the universe will end before someone guesses it.

The only real problem is some braindead site storing passwords in clear-text, those site owners should be put behind bars for life, every password they didn't protect properly, is 1 day in jail or a 2000$ fine ;p

LastPass was breached last year, just FYI. They're a good service and only store encrypted results which are hashed on demand with the browser plugin but all the same, they were breached and susceptible to MITM interceptions of hashed results. CPUs are incredibly inefficient for cryptographic hashing these days, it's all about GPUs. With GPUs processing a trillion combinations a day no one should take anything as a given, that's for sure. Thankfully I don't care if someone were to hack my Steam or Gmail account, it's a simple process to restore.
 
 
Playing: Fire Emblem, Diablo 3, Bravely Default
Watching: The Machine, After the Dark, Devils Due
 
4. Re: Morning Safety Dance Aug 22, 2012, 01:21 eRe4s3r
 
By the way, a lot of really crappy high profile sites do not support the full range of symbols :/ like ö~´'° especially PHP based sites.  
 
3. Re: Morning Safety Dance Aug 22, 2012, 01:18 ^Drag0n^
 
That was one of the most informative (and scary) tech articles I've read this year.

I hope Blue salts his hash ;-)

^D^
 
 
"Never start a fight, but always finish it."
 
2. Re: Morning Safety Dance Aug 21, 2012, 23:51 Techie714 ©
 
eRe4s3r wrote on Aug 21, 2012, 23:32:
Use lastpass? more than 14 character mixed case, mixed letters, mixed numbers passwords.. for paypal email and important stuff, it's even 20+ characters. Entropy is so high the universe will end before someone guesses it.

The only real problem is some braindead site storing passwords in clear-text, those site owners should be put behind bars for life, every password they didn't protect properly, is 1 day in jail or a 2000$ fine ;p

TOTALLY Agree!
 
 
Steam (ID)
http://steamcommunity.com/id/techie714/
DEAD SH0T
Keep your privacy!
http://prism-break.org/
 
1. Re: Morning Safety Dance Aug 21, 2012, 23:32 eRe4s3r
 
Use lastpass? more than 14 character mixed case, mixed letters, mixed numbers passwords.. for paypal email and important stuff, it's even 20+ characters. Entropy is so high the universe will end before someone guesses it.

The only real problem is some braindead site storing passwords in clear-text, those site owners should be put behind bars for life, every password they didn't protect properly, is 1 day in jail or a 2000$ fine ;p
 