7 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >
 |
| 7. |
Re: Morning Safety Dance |
Aug 22, 2012, 23:02 |
eRe4s3r |
|
|
If someone hacks your gmail account they could make your steam account unrestorable though.. which is why you always have differnent PW's.
And yeah, lasspass like any other online service can be hacked or broken by MITM. But it's mainly a tool to not write down or have easy to remember passwords. If you use lastpass, your passwords will never be found by the methods described in this article. With 14 random characters entropy is already extreme, and that's assuming sites don't have a protection against guessing attacks (Gmail and Paypal/Steam do) and the chance someone has the matching hash for YOUR random 14+ password is very unlikely.
There'll never be a rainbow table of 14+ long random passwords. Never. Unless disk sizes rise massively. And if something gets hacked, with lastpass it's just finding change pw, hit gen new key, and be done with it. Obviously rotate the master password every now and then. And as you say, without the master PW, nobody can actually ACCESS the data in lastpass. Lastpass does not even know the data because it decrypts it via masterpass. So all that hack did was leak encrypted pw's. Not unsalted hashes.
|
|
|
|
|
|
|
|
| |
|
| 6. |
Re: Morning Safety Dance |
Aug 22, 2012, 11:20 |
Prez |
|
|
Who are they calling "crackers", huh?!? 
|
|
|
|
|
|
|
|
| |
|
| 5. |
Re: Morning Safety Dance |
Aug 22, 2012, 09:44 |
Verno |
|
|
eRe4s3r wrote on Aug 21, 2012, 23:32:
Use lastpass? more than 14 character mixed case, mixed letters, mixed numbers passwords.. for paypal email and important stuff, it's even 20+ characters. Entropy is so high the universe will end before someone guesses it.
The only real problem is some braindead site storing passwords in clear-text, those site owners should be put behind bars for life, every password they didn't protect properly, is 1 day in jail or a 2000$ fine ;p
LastPass was breached last year, just FYI. They're a good service and only store encrypted results which are hashed on demand with the browser plugin but all the same, they were breached and susceptible to MITM interceptions of hashed results. CPUs are incredibly inefficient for cryptographic hashing these days, it's all about GPUs. With GPUs processing a trillion combinations a day no one should take anything as a given, that's for sure. Thankfully I don't care if someone were to hack my Steam or Gmail account, it's a simple process to restore. |
|
|
|
|
|
|
|
|
Playing: Super Mario 3D Land, Tales of Graces F, Fire Emblem 3DS
Watching: Hannibal, Community, Life |
|
|
|
|
| |
|
| 4. |
Re: Morning Safety Dance |
Aug 22, 2012, 01:21 |
eRe4s3r |
|
|
| By the way, a lot of really crappy high profile sites do not support the full range of symbols :/ like ö~´'° especially PHP based sites. |
|
|
|
|
|
|
|
| |
|
| 3. |
Re: Morning Safety Dance |
Aug 22, 2012, 01:18 |
^Drag0n^ |
|
|
That was one of the most informative (and scary) tech articles I've read this year.
I hope Blue salts his hash ;-)
^D^ |
|
|
|
|
|
|
|
|
| "Never start a fight, but always finish it." |
|
|
|
|
| |
|
| 2. |
Re: Morning Safety Dance |
Aug 21, 2012, 23:51 |
Techie714 © |
|
|
eRe4s3r wrote on Aug 21, 2012, 23:32:
Use lastpass? more than 14 character mixed case, mixed letters, mixed numbers passwords.. for paypal email and important stuff, it's even 20+ characters. Entropy is so high the universe will end before someone guesses it.
The only real problem is some braindead site storing passwords in clear-text, those site owners should be put behind bars for life, every password they didn't protect properly, is 1 day in jail or a 2000$ fine ;p
TOTALLY Agree! |
|
|
|
|
|
|
|
| |
|
| 1. |
Re: Morning Safety Dance |
Aug 21, 2012, 23:32 |
eRe4s3r |
|
|
Use lastpass? more than 14 character mixed case, mixed letters, mixed numbers passwords.. for paypal email and important stuff, it's even 20+ characters. Entropy is so high the universe will end before someone guesses it.
The only real problem is some braindead site storing passwords in clear-text, those site owners should be put behind bars for life, every password they didn't protect properly, is 1 day in jail or a 2000$ fine ;p |
|
|
|
|
|
|
|
| |
7 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >
|
|
Twitter 
