Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 19 Sep 2018, 22:51
All times are UTC - 4
 Forum index » Advanced Topics » Additional Software (PETs, n' stuff) » Security/Privacy
Master Password
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [1 Post]  
Author Message
labbe5

Joined: 13 Nov 2013
Posts: 1322
Location: Canada

PostPosted: Thu 29 Mar 2018, 11:00    Post subject:  Master Password
Subject description: a completely new way of thinking about passwords
 

So many password managers out there, why bother with this one? Because there is no other like it.

A password is a secret that is known only to the party providing a service and the party that should be allowed access to this service.

Simple enough - a secret that you know and your website knows but nobody else, thereby guaranteeing that you and only you have access to your account on this website. Unfortunately, in practice, the ubiquitous use of passwords has us completely overwhelmed. And the only way we can cope with that is by finding ways of making the problem manageable
.

The theory behind Master Password starts with accepting that it is impossible to keep track of passwords for all your accounts. Instead, we return to the core premise of the password: a secret phrase that you can remember easily, all by yourself.

Master Password solves this problem by letting you remember one and only one password. You use this password with Master Password only. Master Password then gives you access to any website or service you want by creating a website-specific key for it.



1-You sign into Master Password using your one password.
2-You ask Master Password for the key to enter your website, eg. twitter.
3-You log into twitter using your username and the key from Master Password.

Master Password is not a password manager. It does not store your website passwords. Therefore, there is zero risk of you losing your website passwords (or them falling in the wrong hands). Master Password simply uses your one password and the name of the site to generate a site-specific secret.


Let's find out more about Master Password :
http://masterpasswordapp.com/

https://github.com/Lyndir/MasterPassword/blob/master/README.md

Use Java for Master Password to be platform-independent and build it from source.

Java

Go into the gradle directory and run ./gradlew build. All Java components will then be built:

platform-independent/gui-java/build/distributions: contains an archive with the Master Password Java GUI. Unpack it and run the gui script.
platform-independent/cli-java/build/distributions: contains an archive with the Master Password Java command-line interface. Unpack it and run the cli script.
platform-android/build/outputs/apk: contains the Android application package. Install it on your Android device.

Note that in order to build the Android application, you will need to have the Android SDK installed and either have the environment variable ANDROID_HOME set to its location or a gradle/local.properties file with its location, eg. (for Homebrew users who installed the SDK using brew install android-sdk):

sdk.dir=/usr/local/opt/android-sdk

Git : https://github.com/Lyndir/MasterPassword.git

Further reading :
classic password managers :
https://www.linux.com/learn/two-best-password-manager-gui-apps-linux
Political consideration to take into account about passwords and cryptography, referred to as key disclosure law

In fact, many countries provide their officers with a legal grounds for forcing you to divulge your encryption keys to any encrypted information they've recovered during a warranted search.

Again, unlike ordinary password managers, Master Password might have an edge here. If you make no use of stored passwords, Master Password doesn't actually encrypt anything with your master password. That means, when your devices are seized, these legal grounds may no longer apply. Note however that this does not constitute legal advice and that this theory has never been tested in practice.

For your safety, we recommend that in preparation of travelling, you change the master password for your user on the device. That way, if your device is seized by a foreign entity and they force you to divulge your master password, you'll likely be fully compliant by simply giving up the new master password even though it will cause the app to generate invalid passwords for all your sites. Later, you can always change the master password back to the real one.


Time to crack a master password :
http://masterpasswordapp.com/faq.html

9174 50 minutes
v9ea30 560 years
correct horse battery staple > age of the universe
I once had a red ball > age of the universe

Conclusion :
A master password does not need to be difficult to remember, such as Togu3]ToxiBuzb.

To use the platform-independant java Master Password, download it from here :
https://github.com/Lyndir/MasterPassword/, clicking on Desktop link, and save file in your download folder. Then open folder and a terminal :
java -jar masterpasswordgui.jar.

But before you can use Master Password, you need to build its components. To that end, you need openjdk-8-jdk. Download it from PPA or with APT (#apt install openjdk-8-jdk).
Once this is done, go to your master password folder, downloaded from git, and open gradle folder. In terminal : ./gradlew build
It takes about 10 minutes to build.

Now you are ready to use Master Password, and make the most of its unique features.

It should not be long before this application is part of Debian/Ubuntu repositories. It is sooooooooooo much better than other password managers.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [1 Post]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Advanced Topics » Additional Software (PETs, n' stuff) » Security/Privacy
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0326s ][ Queries: 11 (0.0073s) ][ GZIP on ]