How to increase the security!
1. For years now...
I've held ALL of my MANY sets of info [includes username, password, security info, URL's, etc]...
In my "Acersose Password Vault" [APV].
2. APV is a Windows program that can either be installed, or run portable.
I choose to run it portable, in both Win2000Pro->[almost never], and each of my Puppies using WINE.
The exe file is held on a dedicated partition [holding ALL my portable Windows programs], on a separate/dedicated internal HDD [Windows uses 1 of the other partitions].
Normally, none of these partitions are mounted.
3. To gain access to the vault...
I need only remember my username and fairly long but easily rememberd password.
Once in there I typically copy and paste the needful.
Hence, stuff can be long and complex and still be easy to work with.
APV can auto-generate passwords of a length [and with types of characters] specified by the user.
New entries are easy to create.
Saves can be made manually.
Backups are automatic.
4. The number of sets of info [entries] is HUGE.
Can't think of any other way of dealing with all of that.
Very useful too.
I can keep all sorts of info in there.
And it's both SECURE->[difficult to gain access to] and SAFE->[protected from loss by multi-auto-backup].
I've held ALL of my MANY sets of info [includes username, password, security info, URL's, etc]...
In my "Acersose Password Vault" [APV].
2. APV is a Windows program that can either be installed, or run portable.
I choose to run it portable, in both Win2000Pro->[almost never], and each of my Puppies using WINE.
The exe file is held on a dedicated partition [holding ALL my portable Windows programs], on a separate/dedicated internal HDD [Windows uses 1 of the other partitions].
Normally, none of these partitions are mounted.
3. To gain access to the vault...
I need only remember my username and fairly long but easily rememberd password.
Once in there I typically copy and paste the needful.
Hence, stuff can be long and complex and still be easy to work with.
APV can auto-generate passwords of a length [and with types of characters] specified by the user.
New entries are easy to create.
Saves can be made manually.
Backups are automatic.
4. The number of sets of info [entries] is HUGE.
Can't think of any other way of dealing with all of that.
Very useful too.
I can keep all sorts of info in there.
And it's both SECURE->[difficult to gain access to] and SAFE->[protected from loss by multi-auto-backup].
I'm very naive and bad at doing logic but follow this.
For years they have tested what happens when some noob
get a computer and start it up and get out on internet.
I trust that pcworld.com and similar mags has done like our
idg.se did. They have tested this with WinXP and Win Vista
and Win7 and within some 5 to 10 minutes the machine is full
of trojans and other things from the internet and this without that
person having to visit any dangerous sites.
So my logic tells me that if one have puppy with Wine then
would not the same happen instantly due the wine allowing it all in?
What is the difference? Why would it be safer with wine?
For years they have tested what happens when some noob
get a computer and start it up and get out on internet.
I trust that pcworld.com and similar mags has done like our
idg.se did. They have tested this with WinXP and Win Vista
and Win7 and within some 5 to 10 minutes the machine is full
of trojans and other things from the internet and this without that
person having to visit any dangerous sites.
So my logic tells me that if one have puppy with Wine then
would not the same happen instantly due the wine allowing it all in?
What is the difference? Why would it be safer with wine?
I use Google Search on Puppy Forum
not an ideal solution though
not an ideal solution though
- puppy_apprentice
- Posts: 299
- Joined: Tue 07 Feb 2012, 20:32
it is better to use virtual machines like QEMU or VirtualBox, if u will use in Wine only trusted apps from trusted sities u should be safe (Wine is not windows it gives for app only an illusion that it runs on Windows), if u will get eg. some macro virus for Outlook it will only work if u will work with Outlook in Wine, Windows viruses or macro scripts (jscript, vbscript etc.) will not work in Linux
but it is possible to write a virus that will compatible with Wine, it will use Wine holes etc.
http://linux.slashdot.org/story/09/10/2 ... s-via-wine
http://forum.winehq.org/viewtopic.php?t ... 47fe12ac85
http://superuser.com/questions/187548/w ... ws-viruses
http://forums.fedoraforum.org/showthread.php?t=269419
http://www.linuxquestions.org/questions ... em-851808/
http://www.linuxforums.org/forum/wine/1 ... ruses.html
but it is possible to write a virus that will compatible with Wine, it will use Wine holes etc.
http://linux.slashdot.org/story/09/10/2 ... s-via-wine
http://forum.winehq.org/viewtopic.php?t ... 47fe12ac85
http://superuser.com/questions/187548/w ... ws-viruses
http://forums.fedoraforum.org/showthread.php?t=269419
http://www.linuxquestions.org/questions ... em-851808/
http://www.linuxforums.org/forum/wine/1 ... ruses.html
The character sequence can be another MD5 ...Barkin wrote:password generation
["+salt" is any character sequence which you commit to memory and never write down,
character sequence preferably not a word in any dictionary, "+salt" isn't , "salt" is , the longer the character sequence the better ]
- Attachments
-
- use MD5 of ''+salt'' as salt.png
- screengrab
- (8.2 KiB) Downloaded 731 times
-
- Posts: 84
- Joined: Sat 12 Mar 2011, 16:21
OK!
Hi guys!. Thanks a lot for continuous advices!
Sylvander, like the others guys I prefer to use Linux rather than Windows because of more security...
nooby, I think the same as you. Just everybody should use Linux
puppy_apprentice, you know? I didn't use Wine yet, because of there are so many useful packages for linux distributions
Barkin, I appreciate your continuous support!, Where can I get MD5 password generator?
Thanks a lot! Best wishes all of you
Lobster those password generators seem to be good. Also I think I don't order a Raspberry Pi, because I might have some troubles creating a password generator... (What do is the meaning of budding tin hats?)Lobster:
password generation
http://www.murga-linux.com/puppy/viewto ... 884#316884
For all you budding tin hats
Why not order a Raspberry Pi
http://puppylinux.org/wikka/Puppi
and create
a password generator and changer?
Barkin MD5 seems to be a good password generator, but:Barkin:
With my method you can safely write down ...
Does it mean MD5 is not enough strong?. Also I can't find a link to download itA 2009 attack by Tao Xie and Dengguo Feng breaks MD5 collision resistance in 220.96 time. This attack runs in a few seconds on a regular computer
Sylvander, like the others guys I prefer to use Linux rather than Windows because of more security...
nooby, I think the same as you. Just everybody should use Linux
puppy_apprentice, you know? I didn't use Wine yet, because of there are so many useful packages for linux distributions
Barkin, I appreciate your continuous support!, Where can I get MD5 password generator?
Thanks a lot! Best wishes all of you
Re: OK!
Same here.shoutcrown wrote:Sylvander, like the others guys I prefer to use Linux rather than Windows because of more security...
The reasons I'm continuing to use this Windws portable program is:
(a) I used it for years prior to the point in time at which I discovered Puppy Linux.
(b) It's easy to just continue to use it.
(c) It's a REALLY GOOD program.
Does its job wonderfully well.
Re: OK!
"tin foil hat" is a joke name for people who are overly concerned with security and incorrectly believe they are under observation ... https://en.wikipedia.org/wiki/Tinfoil_hatshoutcrown wrote:What do is the meaning of budding tin hats?
My Puppy 525 comes with "GtkHash" (see "utility", "general utilities") which calculates MD5 and SHA1 of strings of characters (i.e. "text"), or files.shoutcrown wrote:... Where can I get MD5 password generator?
There are MD5 calculators which can run in your browser (via javascript), e.g. ... http://pajhome.org.uk/crypt/md5/
And there are online MD5 calculators ... http://hash.online-convert.com/md5-generator but "online" means your passwords will be transmitted unencrypted over the internet
- Attachments
-
- gtkhash location in puppy 525.png
- screengrab
- (17.38 KiB) Downloaded 486 times
- RetroTechGuy
- Posts: 2947
- Joined: Tue 15 Dec 2009, 17:20
- Location: USA
I've been using Password Gorilla to store my passwords...Sylvander wrote:1. For years now...
I've held ALL of my MANY sets of info [includes username, password, security info, URL's, etc]...
In my "Acersose Password Vault" [APV].
Last edited by RetroTechGuy on Wed 02 May 2012, 14:52, edited 1 time in total.
[url=http://murga-linux.com/puppy/viewtopic.php?t=58615]Add swapfile[/url]
[url=http://wellminded.net63.net/]WellMinded Search[/url]
[url=http://puppylinux.us/psearch.html]PuppyLinux.US Search[/url]
[url=http://wellminded.net63.net/]WellMinded Search[/url]
[url=http://puppylinux.us/psearch.html]PuppyLinux.US Search[/url]
- puppy_apprentice
- Posts: 299
- Joined: Tue 07 Feb 2012, 20:32
u can use MD5 as a password generator, but MD5 is used widely to encrypt user logins and passwords eg. on online services (and yes it could be decrypted, so it is better to use other hashing methods)Barkin MD5 seems to be a good password generator...
u write in fields eg. login: user, password: qL2a9.! and before they will be stored in site database they will be encrypted via MD5, if u will login to site and write your login and password (the same like above), data again will be encrypted and compared with encrypted data from database
for storing password in linux i'm using those:
GPassword Manager http://sourceforge.net/projects/gpasswordman/
Password Dragon http://www.passworddragon.com/
LastPass https://lastpass.com/
- RetroTechGuy
- Posts: 2947
- Joined: Tue 15 Dec 2009, 17:20
- Location: USA
Why?puppy_apprentice wrote:u can use MD5 as a password generator, but MD5 is used widely to encrypt user logins and passwords eg. on online services (and yes it could be decrypted, so it is better to use other hashing methods)Barkin MD5 seems to be a good password generator...
The MD5, as used, is the "text password", which is then MD5 hashed once again for the password server. Such a "random" string would typically be more secure than "ESAD" or "Password" or any of the simple memorable passwords people use.
And while it may not be perfect, it is very likely to NOT be the weakest link...
Why Cryptography Is Harder Than It Looks, By Bruce Schneier
http://www.schneier.com/essay-037.html
Choosing Secure Passwords, By Bruce Schneier
http://www.schneier.com/blog/archives/2 ... ecure.html
[url=http://murga-linux.com/puppy/viewtopic.php?t=58615]Add swapfile[/url]
[url=http://wellminded.net63.net/]WellMinded Search[/url]
[url=http://puppylinux.us/psearch.html]PuppyLinux.US Search[/url]
[url=http://wellminded.net63.net/]WellMinded Search[/url]
[url=http://puppylinux.us/psearch.html]PuppyLinux.US Search[/url]
- puppy_apprentice
- Posts: 299
- Joined: Tue 07 Feb 2012, 20:32
yep i agree please read my example:Why?
The MD5, as used, is the "text password", which is then MD5 hashed once again for the password server. Such a "random" string would typically be more secure than "ESAD" or "Password" or any of the simple memorable passwords people use.
in the field password user has to write qL2a9.! or Z!$d.4F0£XXXXX where X is randow character/digit/symbol or any random chain and ofcourse it don't have to start with Z!$d.4F0£ it is only example like looks my passwords, i try to use in my passwords digits/chars/numberspassword: qL2a9.!
u use md5 to get your randow passwords (from your string + salt) i use my fingers to produce my random passwords and check them on GRC.COM site if they are "strong enough":
,but as i said i store passwords in my site encrypted using methods available in PHP, so again i write in my site Z!$d.4F0£XXXXX as a password to login, my script is adding salt to this password andwhole chain is hashed via MD5 or SHA1 or another and stored in mysql database in my site
and i store all my random passwords in apps mentioned in earlier post, they have options to generate strong passwords, and encrypt them in AES, Blowfish etc.
i think that we speak about the same, but this methode is used to store passwords on internet sities (i add to your info some more info)
-
- Posts: 84
- Joined: Sat 12 Mar 2011, 16:21
holas!
hi guys!
Sylvander, that's right!. Windows and his programs may be more easy to use so many people doesn't want to use other OS. Also everybody is free to choose which OS and programs to use.
Barkin, that's funny..., (i guess i am buddy tin hat or tin foil hat... I don't care!). You know?, I had Lucid 528, but there is no drivers for TP-LINK TL-WN722N to install on Lucid (there is those drivers only for Slacko 531). So I am using right now Slacko Puppy Linux 531. I mean Slacko doesn't have GTKhash. Like you say if I use MD5 in the browser then anybody can see my passwords... That wouldn't be a good idea.
RetroTechGuy, thanks
[puppy_apprentice]MD5 is used widely to encrypt user logins and passwords eg. on online services (and yes it could be decrypted, so it is better to use other hashing methods) [/puppy_apprentice]
puppy_apprentice and RetroTechGuy, ok, so using MD5 perhaps is a risk... (there is nothing perfect, isn't?).
The security is a deep issue, and there is nothing perfect, isn't?. Like sickgut say:
http://www.murga-linux.com/puppy/viewtopic.php?t=77746
[sickgut]if someone wants to hack you they will, no matter what security you have in place. Most govenments in the world dont actually let a product hit the shelves unless is can be backdoored or there is govenment approved backdoor in it, this is how they fight cyber crime[/sickgut]
Maybe finally i will keep writing by myself my passwords and changing them usually
Thanks a lot! bye
Sylvander, that's right!. Windows and his programs may be more easy to use so many people doesn't want to use other OS. Also everybody is free to choose which OS and programs to use.
Barkin, that's funny..., (i guess i am buddy tin hat or tin foil hat... I don't care!). You know?, I had Lucid 528, but there is no drivers for TP-LINK TL-WN722N to install on Lucid (there is those drivers only for Slacko 531). So I am using right now Slacko Puppy Linux 531. I mean Slacko doesn't have GTKhash. Like you say if I use MD5 in the browser then anybody can see my passwords... That wouldn't be a good idea.
RetroTechGuy, thanks
[puppy_apprentice]MD5 is used widely to encrypt user logins and passwords eg. on online services (and yes it could be decrypted, so it is better to use other hashing methods) [/puppy_apprentice]
puppy_apprentice and RetroTechGuy, ok, so using MD5 perhaps is a risk... (there is nothing perfect, isn't?).
The security is a deep issue, and there is nothing perfect, isn't?. Like sickgut say:
http://www.murga-linux.com/puppy/viewtopic.php?t=77746
[sickgut]if someone wants to hack you they will, no matter what security you have in place. Most govenments in the world dont actually let a product hit the shelves unless is can be backdoored or there is govenment approved backdoor in it, this is how they fight cyber crime[/sickgut]
Maybe finally i will keep writing by myself my passwords and changing them usually
Thanks a lot! bye
Online and in-browser are different. Online transmits data over the internet, in-browser doesn’t. Attached is a zip file “arcane MD5shoutcrown wrote: Like you say if I use MD5 in the browser then anybody can see my passwords... That wouldn't be a good idea.
- Attachments
-
- My paypal account details, help yourself.zip
- an encrypted zip file (256 bit AES) password is an MD5
- (294 Bytes) Downloaded 430 times
-
- Arcane MD5.zip
- an in-browser MD5 calculator, requires javascript.
- (27.19 KiB) Downloaded 427 times
-
- Posts: 84
- Joined: Sat 12 Mar 2011, 16:21
OK!
hi Barkin!
Je, je!!!. There was a confusion!
[quote]Barkin:
Online and in-browser are different. Online transmits data over the internet, in-browser doesn’t. Attached is a zip file “arcane MD5
Je, je!!!. There was a confusion!
[quote]Barkin:
Online and in-browser are different. Online transmits data over the internet, in-browser doesn’t. Attached is a zip file “arcane MD5
- RetroTechGuy
- Posts: 2947
- Joined: Tue 15 Dec 2009, 17:20
- Location: USA
Re: holas!
Huh? I think that I said just the opposite. I see nothing wrong with using an MD5 hash for the password.shoutcrown wrote: puppy_apprentice and RetroTechGuy, ok, so using MD5 perhaps is a risk... (there is nothing perfect, isn't?).
Your best defense is a password that isn't dictionary testable...that reduces the attack to brute force, which pretty well ends the attack. (and I doubt that your MD5 will be in the dictionary).
[url=http://murga-linux.com/puppy/viewtopic.php?t=58615]Add swapfile[/url]
[url=http://wellminded.net63.net/]WellMinded Search[/url]
[url=http://puppylinux.us/psearch.html]PuppyLinux.US Search[/url]
[url=http://wellminded.net63.net/]WellMinded Search[/url]
[url=http://puppylinux.us/psearch.html]PuppyLinux.US Search[/url]
Passwords
My point was to use the MD5 calculator for computer passwords, e.g.shoutcrown wrote: ... Now I can test how to create automatic passwords. It's very useful, but I shouldn't use any known word, just some other characters sequence, right?.
Barkin’s list of online account “passwords
Just remembered Puppy can calculate MD5 via console (aka terminal) ... http://puppylinux.org/wikka/md5sum
http://www.puppylinuxfaq.org/how-to/20-linux-tips/44-copy-and-paste-to-terminal.html
http://www.puppylinuxfaq.org/how-to/20-linux-tips/44-copy-and-paste-to-terminal.html
- Attachments
-
- md5 of string in file calculated via puppy command line (GTK hash confirms MD5 is correct).png
- screengrab
- (17.56 KiB) Downloaded 766 times
Last edited by Barkin on Wed 02 May 2012, 05:35, edited 3 times in total.
Does this affect the vulnerability that I read about yesterday?
I try to find links this one and another that I don't find now
http://blogs.computerworld.com/19518/br ... vulnerable
this maybe
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
only four pin security despite having 8 pin. They only need to brute force
the first 4 pin and then they know the rest? Too easy is it not?
I try to find links this one and another that I don't find now
http://blogs.computerworld.com/19518/br ... vulnerable
this maybe
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
only four pin security despite having 8 pin. They only need to brute force
the first 4 pin and then they know the rest? Too easy is it not?
I use Google Search on Puppy Forum
not an ideal solution though
not an ideal solution though
That's a new flaw, the eight digit pin is different from the Wi-Fi key.nooby wrote:Does this affect the vulnerability that I read about yesterday?
http://blogs.computerworld.com/19518/br ... vulnerable
this maybe
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
My (old?) router doesn't have one of those PIN things: any device which connects to my router via wifi requires the WPA2 wi-fi key, (16 character alphanumeric passphase).
-
- Posts: 84
- Joined: Sat 12 Mar 2011, 16:21
internet security
Hi barkin!
A long time ago I had to learn many long email passwords (what a waste of time!)
Thanks a lot!
A long time ago I had to learn many long email passwords (what a waste of time!)
Thanks a lot!