D
dalethorn
Guest
Hey all. I've been pretty lax about password management. I recently got a new desktop and there's still a bunch of websites I only visit on my laptop because I can't recall the passwords to some of the websites. I was even locked out of one of my financial websites from wrong guesses (gotta iron that out today). I've just started a search for a new mode of using passwords. What do folks here do? I like the look of LastPass and only needing to remember one password. I could make it ridiculously complicated if it were only one. Looking forward to hearing opinions from some experts and random forum n00bs like me.
I hung out on cypherpunks with the world's best for 6 months, and I have my own program that offers $15k for a successful crack, even allowing unlimited chosen plaintext attacks. I mention that only for background credibility.
What the world's best would tell you if they trusted you is that crypto programs currently in use by major websites are old and vulnerable, and despite the bogus claims of "128 bit" or higher security, they are easily cracked at the password level. Strong encryption is possible in limited cases, but requires a "passphrase" not a "password". Many more characters are needed.
Managing passwords, let alone the much lengthier passphrases, is a fatally flawed task. You either write them down (bad) or you put them into a file where *all* of the passwords are now secured by a single password to that file. Does anyone see the obvious problem here?
Edit: Then it gets worse - any sites, and even my employer, *require* mixed case passwords. I give you bonus points here if you see what the big security weakness is in requiring mixed case (i.e. limiting a person's selection from a full character set such as a to z, A to Z, and 0 to 9, thus making the passwords non-random). It's what killed the German's Enigma security in WW2, and the idiots making these requirements today haven't learned a thing.