Article - Four best practices for Web Browser Security on your Linux Workstation

    #16
    oshunluvr: You're correct.

    Another way to generate a password is to pick a phrase which you will remember, for example "My Grandmother Went To Church In Tennis Shoes", and create the password using the initial letter of each word AND change "to" to "2", i.e. "mgw2cits".

    It can be any arbitrary length, with longer being better. Other characters and mixed case can (should) be inserted to further randomize the password and still be something which can be remembered without writing it down. "m*G-w2Cits"

    If you're really a geek, you can convert them to ASCII binary, but I would have trouble getting that right every time I used it.

    At some point, the dumb user says to heck with it and uses a bonehead simple password. Those people are called "targets".

    I really hope that I'm "preaching to the choir" here and most people on this forum already know these things. For those who are new to the topic, perhaps this will help you pick your passwords with care.
    Kubuntu 24.04 64bit under Kernel 6.10.2, Hp Pavilion, 6MB ram. All Bow To The Great Google... cough, hack, gasp.

      #17
      Originally posted by oshunluvr:
      ...
      I take a long (8 letters or more) word that's meaningful to me, like a nickname or pet name for one of my kids. Then I substitute a couple symbols and numbers in a way I can remember, like "@" instead of "o" or "1" for "i". That way I end up with a strong password but one I can still remember at this age
      I do something similar, but I also have three double sided pages of passwords printed out which I consult often because regardless of how "simple" I make my passwords I still can't remember them.
      "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
      – John F. Kennedy, February 26, 1962.

        #18
        Originally posted by GreyGeek:
        I do something similar, but I also have three double sided pages of passwords printed out which I consult often because regardless of how "simple" I make my passwords I still can't remember them.
        I hope you at least obfuscate that list through something like Google(r) Translate, before printing it to paper? Oh, wait, that would put the whole list into the Google(r) database, not a good idea, forget I mentioned it.

          #19
          Originally posted by oshunluvr:
          I read once long ago that the best password was four random words, but it seemed to me like a simple dictionary attack would be successful.
          Dictionary attacks get exponentially harder when more than one word is used. For example, in a language with around 150,000 words in a common dictionary, the number of possible combinations for four words is roughly 500,000,000,000,000,000,000 (5 × 10^20, equivalent to a random alphanumeric password of about 12 characters)... there are certainly a lot of easier targets out there.

          Of course it gets even harder if you also use some capitalization, punctuation or special chars between words (or within words).
          Last edited by kubicle; May 11, 2017, 10:38 AM.
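The arithmetic behind the word-count comparison in the post above, as an added example that is not code from the thread. It computes the entropy of each scheme discussed so far (four random words, a random alphanumeric string, one dictionary word with a few symbol substitutions) and the expected offline cracking time. Assumed figures, all stated in the code: the 150,000-word dictionary from the post, a 62-symbol alphanumeric alphabet, 16 substitution patterns for the one-word scheme, and a guess rate of 10^10 per second.

```python
import math

# Added example, not code from the thread. Pool sizes and guess rates below are assumptions.


def entropy_bits(pool_size: int, count: int) -> float:
    """Bits of entropy for `count` independent picks, each uniformly random from `pool_size` choices.

    Only valid when the picks really are random (dice, a CSPRNG). A word that is "meaningful to me"
    is drawn from a much smaller, guessable pool and gets far fewer bits than this formula reports.
    """
    if pool_size < 2 or count < 1:
        raise ValueError("need at least 2 choices and 1 pick")
    return count * math.log2(pool_size)


def equivalent_length(bits: float, alphabet_size: int) -> int:
    """Fewest uniformly random characters from an alphabet of `alphabet_size` that reach `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time for an offline brute force, which on average succeeds halfway through the space."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def compare_schemes() -> dict:
    """Strength in bits of the schemes discussed in the thread.

    Assumptions: a 150,000-word dictionary (the figure from the post), a 62-symbol
    alphanumeric alphabet, and 16 substitution patterns ("@" for "o", "1" for "i", ...) for
    the one-word scheme; attackers enumerate such patterns, so they add only log2(16) = 4 bits.
    """
    four_words = entropy_bits(150_000, 4)
    twelve_alnum = entropy_bits(62, 12)
    one_word_subst = entropy_bits(150_000, 1) + math.log2(16)
    return {
        "four_random_words": round(four_words, 1),
        "twelve_random_alphanumeric": round(twelve_alnum, 1),
        "one_word_plus_substitutions": round(one_word_subst, 1),
        "four_words_as_alnum_length": equivalent_length(four_words, 62),
    }


if __name__ == "__main__":
    rate = 1e10  # assumed offline rate against a fast unsalted hash; adjust for your threat model
    for name, value in compare_schemes().items():
        if name.endswith("_length"):
            print(f"four random words ~ {value} random alphanumeric characters")
            continue
        years = expected_crack_seconds(value, rate) / (365 * 86400)
        print(f"{name:28s} {value:6.1f} bits  ~{years:.3g} years at {rate:.0e} guesses/s")
```

The important caveat is in `entropy_bits`: the 68.8 bits for four words only holds if the words are picked at random from the whole dictionary; a nickname with "@" swapped in sits in a pool an attacker can enumerate in a coffee break.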

            #20
            IF a true quantum computer is ever made it is claimed that passwords would become obsolete.

              #21
              Originally posted by GreyGeek:
              IF a true quantum computer is ever made it is claimed that passwords would become obsolete.
              Is that because the computer will make your choices for you? Or because it will use some new security feature? Perhaps each computer will have a truly unique ID embedded in the hardware (scary thought)...

              HAL: "What are you doing, Dave?"

                #22
                Dave: "Open the pod bay doors, HAL"
                HAL: "I'm sorry, Dave. I'm afraid I can't do that."
                Dave: "What's the problem?"
                HAL: "I think you know what the problem is just as well as I do."
                Dave: "What are you talking about, HAL?"
                HAL: "Your password is too weak for you to continue."

                Please Read Me

                  #23
                  Rotfl

                    #24
                    Originally posted by oshunluvr:
                    Only the former makes any sense. They wouldn't compare users' passwords as they would be encrypted as they are stored anyway, wouldn't they be? I would expect a bank to use a high level of caution. I bet they have a list of "dumb" passwords and/or rules that exclude "abcdefgh", "password", and other really bad ideas.
                    The password would be hashed and then the hash would be stored in a database table. Because the hash algorithm would always create the same hash from a password, it would be easy to compare hashes to find out if a password was unique.

                    I use auto-generated 30 character long random passwords and keep them in a password manager like KeePass.
                    Last edited by whatthefunk; May 11, 2017, 02:50 PM.

                      #25
                      whatthefunk:

                      I've never trusted password managers because they store the encrypted passwords on my hard drive, which means they can be stolen and subjected to decryption. Sure, it is at least 512-bit encryption, but that doesn't make it secure, just very costly to crack.

                      And no, I don't store the secrets to antigravity or longevity on my systems... So I'm not a likely target, but somebody else might be...
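An added example, not code from the thread, for the two points raised in #24 and #25: with a plain unsalted hash, identical stored digests reveal which users share a password without knowing it (that is what #24 describes), while a per-user salt removes that comparison and an iterated key-derivation function sets the cost an offline attacker pays per guess against a stolen hash table or password-manager vault (the worry in #25). The three sample users are constructed; PBKDF2-HMAC-SHA256 from Python's standard library stands in for whatever KDF a real site or manager uses; the raw hash rate in the usage line is an assumed figure.

```python
import hashlib
import os
import secrets

# Added example, not from the thread. Constructed sample users: two of the three share a password.
SAMPLE_USERS = {"alice": "correct horse", "bob": "Tr0ub4dor&3", "carol": "correct horse"}


def unsalted_store(users: dict) -> dict:
    """One plain SHA-256 per password. Same password -> byte-identical digest."""
    return {u: {"dk": hashlib.sha256(p.encode()).hexdigest()} for u, p in users.items()}


def salted_store(users: dict, iterations: int = 600_000) -> dict:
    """Per-user random salt plus an iterated KDF (PBKDF2-HMAC-SHA256 from the standard library).

    The salt is stored in the clear next to the digest; its job is to make equal passwords
    hash differently and to stop one precomputed table from serving every account.
    """
    out = {}
    for u, p in users.items():
        salt = os.urandom(16)
        dk = hashlib.pbkdf2_hmac("sha256", p.encode(), salt, iterations)
        out[u] = {"salt": salt.hex(), "iterations": iterations, "dk": dk.hex()}
    return out


def duplicate_groups(store: dict) -> list:
    """Users whose stored digest is identical. Needs no knowledge of any password."""
    by_digest = {}
    for user, rec in store.items():
        by_digest.setdefault(rec["dk"], []).append(user)
    return sorted(sorted(g) for g in by_digest.values() if len(g) > 1)


def verify(rec: dict, candidate: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    dk = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(rec["salt"]), rec["iterations"]
    )
    return secrets.compare_digest(dk.hex(), rec["dk"])


def offline_guesses_per_second(iterations: int, raw_hashes_per_second: float) -> float:
    """Attacker throughput against a stolen store or vault: each guess costs `iterations` hash calls.

    `raw_hashes_per_second` is whatever the attacker's hardware manages for a single SHA-256;
    the KDF work factor divides it down, which is the only lever the defender controls.
    """
    return raw_hashes_per_second / iterations


if __name__ == "__main__":
    print("unsalted duplicates:", duplicate_groups(unsalted_store(SAMPLE_USERS)))
    salted = salted_store(SAMPLE_USERS)
    print("salted duplicates:  ", duplicate_groups(salted))
    print("alice verifies:     ", verify(salted["alice"], "correct horse"))
    assumed_raw_rate = 6e9  # assumed single-SHA-256 rate for an attacker's GPU rig
    print("offline guesses/s at 600k iterations:", offline_guesses_per_second(600_000, assumed_raw_rate))
```

Note that the salt does not stop an attacker who has the file from guessing; it only forces one KDF run per guess per user, so the cost argument in #25 comes down to the iteration count (or memory-hard parameters in scrypt/Argon2) the manager was configured with, not the bit length of the cipher.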

                        #26
                        Originally posted by TWPonKubuntu:
                        Is that because the computer will make your choices for you? Or because it will use some new security feature? Perhaps each computer will have a truly unique ID embedded in the hardware (scary thought)...

                        HAL: "What are you doing, Dave?"
                        A true quantum computer will be able to apply thousands, hundreds of thousands, millions or hundreds of millions of passwords at the same time, settling into the minimal energy quantum solution state containing the actual password. They are not serial processors like the ones we are presently using. They aren't even parallel processing like today's "super" computers that have hundreds of thousands of cores. A bit in those computers can be EITHER a zero or a one, but not both at the same time. A qubit can be both at the same time. In 1994 mathematician Peter Shor hit upon a killer app: a quantum algorithm that could find the prime factors of massive numbers, i.e., the kinds of numbers used for encryption algorithms. It has been estimated that a 2,048-bit RSA key can be broken in seconds by a quantum computer with 10,000 qubits. D-Wave 2X has, IIRC, 2,048 qubits, but it is not a true quantum computer. Some say it isn't even a quantum computer at all, just a fast classical computer. I've read that the Chinese are closer to a true quantum computer than anyone else.

                          #27
                          GG, Ah, you mean obsolete in the sense that they will no longer be useful as a security barrier... Too easy to crack.

                          I find myself unable to imagine another option which will offer secure (ie. private) information storage.

                          We could get ridiculously obscure and complex in trying to make something too difficult to unlock. At what point do we reach the point of no privacy? That's if we aren't there already...

                          Scary thought time... If we are no longer able to keep a secret... well, secret, then how will that change us as human beings?

                          And this thread started as a recommendation on how to lock down your browser... I love thread drift.

                            #28
                            Cryptology has always been an arms race. A "quantum" computer that may be able to quickly crack today's encryption schemes, may also enable tomorrow's encryption schemes.
                            If you think Education is expensive, try ignorance.

                            The difference between genius and stupidity is genius has limits.

                              #29
                              Originally posted by GreyGeek:
                              A true quantum computer will be able to apply thousands, hundreds of thousands, millions or hundreds of millions of passwords at the same time, settling into the minimal energy quantum solution state containing the actual password. They are not serial processors like the ones we are presently using. They aren't even parallel processing like today's "super" computers that have hundreds of thousands of cores. A bit in those computers can be EITHER a zero or a one, but not both at the same time. A qubit can be both at the same time. In 1994 mathematician Peter Shor hit upon a killer app: a quantum algorithm that could find the prime factors of massive numbers, i.e., the kinds of numbers used for encryption algorithms. It has been estimated that a 2,048-bit RSA key can be broken in seconds by a quantum computer with 10,000 qubits. D-Wave 2X has, IIRC, 2,048 qubits, but it is not a true quantum computer. Some say it isn't even a quantum computer at all, just a fast classical computer. I've read that the Chinese are closer to a true quantum computer than anyone else.
                              Just because quantum computers would be very good (and unimaginably fast) at solving some problems, it doesn't mean they are omnipotent. You are correct that most encryption algorithms in use today would fall to quantum processing very quickly, but passwords are not the same as encryption.

                              For example, it would be just as hard to brute force a (non-quantum) server using quantum effects over the internet. While a quantum computer can make a large number of computations simultaneously, it would still be limited to trying different passwords sequentially over the internet on a server, similarly to modern computers.

                              The threat that quantum computing poses to passwords is related to the encryption algorithms common in today's communications, like TLS/SSL, and the fact that passwords are transmitted between hosts using these encryption methods. If someone can listen in on HTTPS traffic, for example, quantum computing will make it fairly easy to decode the traffic (and catch the password in this traffic).

                              But that doesn't mean passwords will become extinct (they might, eventually, but more likely because we would have something better), because:
                              1. Passwords will still be quite safe against most threats (it's unlikely that quantum computers will be in the hands of everybody anytime soon)
                              2. We can switch to using a non-quantum cryptographic method that is not vulnerable to quantum computing (https://en.wikipedia.org/wiki/Post-quantum_cryptography)
                              3. Those that are using quantum computers can even use quantum cryptography... which is even theoretically unbreakable (https://en.wikipedia.org/wiki/Quantum_cryptography).

                              Quantum computers will certainly change communications from what they are today, but passwords won't disappear overnight... and by the time we have functioning quantum computers large enough to threaten modern communications, we will likely have already replaced passwords with something better.

                              (In a way, we're of course already using quantum computers... the semiconductors that fill your computer only work because of quantum mechanics.)

                              EDIT: and SpecialEd just put all that in one sentence, great
                              Last edited by kubicle; May 12, 2017, 12:20 AM.
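An added example, not code from the thread, of what the post above means by the server limiting online guessing: a per-account login throttle with exponential backoff, and a simulation of how many guesses an attacker gets against one account in a day regardless of how fast their own hardware is. The throttle parameters (5 free attempts, 1 s base delay, 1 h cap) and the 1 ms round trip assumed between unthrottled attempts are illustrative choices, not anyone's production settings.

```python
# Added example, not from the thread: online guessing is bounded by the server's policy,
# not by the attacker's compute. Parameters and the 1 ms round-trip figure are assumptions.


class LoginThrottle:
    """Per-account throttle: `free_attempts` failures cost nothing, then the required wait
    doubles per failure up to `max_delay` seconds. Time is passed in, so simulations are deterministic."""

    def __init__(self, free_attempts: int = 5, base_delay: float = 1.0, max_delay: float = 3600.0):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._state = {}  # account -> (consecutive failures, earliest time next attempt is accepted)

    def attempt(self, account: str, password_ok: bool, now: float):
        """Returns (accepted, success, retry_after_seconds).

        An attempt during a lockout is rejected before the password is even evaluated,
        so it does not count as a guess. A correct password clears the counter.
        """
        failures, not_before = self._state.get(account, (0, 0.0))
        if now < not_before:
            return False, False, not_before - now
        if password_ok:
            self._state.pop(account, None)
            return True, True, 0.0
        failures += 1
        excess = failures - self.free_attempts
        delay = 0.0 if excess <= 0 else min(self.base_delay * 2 ** (excess - 1), self.max_delay)
        self._state[account] = (failures, now + delay)
        return True, False, delay


def guesses_per_day(throttle: LoginThrottle = None, account: str = "victim") -> int:
    """Simulate an attacker who never guesses right and always returns exactly when allowed."""
    throttle = throttle or LoginThrottle()
    now, guesses = 0.0, 0
    while now < 86400.0:
        accepted, _, retry_after = throttle.attempt(account, False, now)
        if accepted:
            guesses += 1
        now += retry_after if retry_after > 0 else 0.001  # assumed 1 ms round trip when unthrottled
    return guesses


def days_to_exhaust(keyspace: int, guesses_each_day: int) -> float:
    """Worst-case days to try every candidate at the throttled online rate."""
    return keyspace / guesses_each_day


if __name__ == "__main__":
    per_day = guesses_per_day()
    print(f"online guesses per account per day under this throttle: {per_day}")
    four_words = 150_000 ** 4  # dictionary size and word count from the thread
    print(f"days to exhaust four random words online: {days_to_exhaust(four_words, per_day):.3g}")
```

The throttle is the reason the online case in the post is different from the offline case: a stolen hash file lets the attacker choose their own guess rate, a live login endpoint does not, whatever the attacker's hardware.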

                                #30
                                Originally posted by TWPonKubuntu:
                                whatthefunk:

                                I've never trusted password managers because they store the encrypted passwords on my hard drive, which means they can be stolen and subjected to decryption. Sure, it is at least 512-bit encryption, but that doesn't make it secure, just very costly to crack.

                                And no, I don't store the secrets to antigravity or longevity on my systems... So I'm not a likely target, but somebody else might be...
                                Sorry to point this out, but if someone breaks into your home and steals your hard drive, your passwords would be the least of your worries, just sayin'

