RE: Security of Password-Managers

From: Vertical Rave (verticalrave@hotmail.com)
Date: 05/11/02


From: "Vertical Rave" <verticalrave@hotmail.com>
To: security-basics@securityfocus.com
Date: Sat, 11 May 2002 03:11:11 +0000

Another way that you could keep yourself secure is to group passwords into
certain databases, with a specific separate password for each. That way if
one password was compromised, you would still have at least another set to
be compromised before you took action.

Personally, I don't like to keep everything in one database; it may seem
like a good thing to do, but unless I come up with the largest password on
Earth to protect it, and the biggest and baddest cipher, then it's not going
to be possible for me :)

My two cents.
If you're looking for a good cipher, go with anything that is 128 bits or
above. 1024 should be hard to crack security. If you're offered DES, dump
that and go with Triple DES.
Verty
verticalrave@hotmail.com
You're not alone. I'm 16. I started working on computers at 7 before the
internet was large, so I don't have that opportunity that you did. :)
SSNet/FreeLinuxCD Administrator

>From: "Sullivan, Glenn" <GSullivan@DavidClark.com>
>To: 'Adam Shephard' <adams@firstfederalbanking.com>, "'Jonas V.'"
><jonas-v@gmx.net>, security-basics@securityfocus.com
>Subject: RE: Security of Password-Managers
>Date: Thu, 9 May 2002 15:23:18 -0400
>
>To "kick it up a notch" (bam!) I have borrowed from a suggestion on one of
>the security mailing lists:
>
>I have a password manager program (can't remember the name right now... it
>is for reference only, in case I get hit by a bus or get amnesia) but I keep
>two copies of the database on USB Memory Sticks. One copy is attached to my
>keys, which are janitor-chained to my belt, and another copy is in the vault
>with the rest of the critical info.
>
>Glenn Sullivan, MCSE+I MCDBA
>David Clark Company Inc.
>
>
>-----Original Message-----
>From: Adam Shephard [mailto:adams@firstfederalbanking.com]
>Sent: Wednesday, May 08, 2002 5:47 PM
>To: 'Jonas V.'; security-basics@securityfocus.com
>Subject: RE: Security of Password-Managers
>
>
>Jonas,
>
>I've only read a bit about Oubliette in the past but it sounded like the
>encryption provided there was not bad - Blowfish, if I remember correctly.
>However, anytime anybody can get to all your passwords by cracking one of
>them you lose a certain amount of security.
>
>Basically, you have to balance what you want to protect against how much
>work you need to do to protect it. If it's something that should be highly
>secure, I wouldn't use a password manager at all.
>
>By the way, your English is fine. Considering that you are 12 and you have
>some basic knowledge of the concepts of password security and there are many
>English-speaking, network-managing adults who aren't even aware that you
>shouldn't install IIS if you don't need to serve web pages, you can speak
>any way you want!
>
>Adam
>
>-----Original Message-----
>From: Jonas V. [mailto:jonas-v@gmx.net]
>Sent: Tuesday, May 07, 2002 11:37 AM
>To: security-basics@securityfocus.com
>Subject: Security of Password-Managers
>
>
>Hello!!
>
>I want to use a password-manager like "Oubliette".
>Is this very insecure?
>I can choose a very hard master-password with more than 96 bits length.
>What encryption-algorithm and key-length use a program like this?
>
>Thanks for everything!
>
>Jonas Vondran <jonas-v@gmx.net>
>
>Please don't laugh about my English!
>I'm German and 12 years old.
>
