Password Storage In C++

I have a couple master passwords, but they’re always sort of mutilated based on context… Like putting the username reversed in the middle of it (that’s a stupid example, but you get the point). Gives you more variety with less to remember.

1 Like

I should really start doing that.

1 Like

I use KeepassX for all my accounts and passwords in GNOME at home, and Windows at work. Cross-platform. As a passphrase, I wrote down, on a piece of paper, 4 random objects in my room. Then I salted the sh!t out of it.

After a week, it became muscle memory to punch it in. I think it clocks in at 36+ characters.

If you are referring to a large commercial database of usernames and passwords, I would CYI, and go to DEFCON and obtain a hired gun.

2 Likes

I have a master password which opens a note that has all my other passwords.

Write your password in a language you’ve created.

Otherwise, KeepassX

I have heard good things about KeepassX but I still fail to see why just using Chrome’s manager is worse since I’m browsing in Chrome to start with. Firefox has its manager as well.
This is where I wonder why the browser managers are so bad and the 3rd party managers better?

Chrome = google, Firefox = plain text stored passwords. KeepassX = Global usage; so logins for email, programs, network & encrypted storage, wifi passwords, etc.

If KeepassX is weak sauce, someone tell me. If there is a setting to thicken the sauce, please tell me.

Well, currently nothing because I have not decided on what to use. Although I did encrypt with AES-256 and used SHA-256 for the master password hash for verifying. But I thought of that as too weak; that’s why I’m here right now.

Hmm, what language did you use and what libraries? Do you have a GitHub or repo of any kind so I can check what you have done? Or can you just post the download file to the project via MediaFire or some FTP service?

@kungr @FaunCB @christopherCook This is not about what password manager to get. This is about how to implement safe storage of passwords in a programming language.

1 Like

I think you need to be clearer about what you want. Are you looking for library recommendations?

What are you trying to achieve? As that dictates how you might implement it.

KeepassX is written in C++; you could look at that.

1 Like

I’m trying to gather all the things that contribute to making password storage safe.

So, for example using AES for the passwords and then hashing the master key with SHA256.
Of course this is not everything you can do. One additive could be that you salt the hashed master key.

In this case, salting the hash is the additive. So what else can you add-on? (In general, just not for the master key like in this example)

That is what I’m trying to get at, or should I reiterate? Idk, I may be bad at explaining what I’m asking for…
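Added example, not code from any poster in this thread: the salted master-password check described in the post above, written in Python with only the standard library. It swaps the single SHA-256 pass for PBKDF2-HMAC-SHA256 and derives the AES-256 key and the stored verifier under separate labels, so the value on disk is not the encryption key; the function names, labels, salt length and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; raise it as far as unlock latency allows
SALT_LEN = 16         # assumed salt size in bytes, random per vault


def _derive(password, salt, iterations):
    """Return (aes_key, verifier), 32 bytes each, from one slow KDF pass."""
    root = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Distinct labels keep the two outputs independent: knowing the stored
    # verifier does not reveal the AES key, and the root itself is never stored.
    aes_key = hmac.new(root, b"vault-encryption", hashlib.sha256).digest()
    verifier = hmac.new(root, b"vault-verifier", hashlib.sha256).digest()
    return aes_key, verifier


def enroll(password, iterations=ITERATIONS):
    """Build the record written to disk next to the encrypted vault."""
    salt = secrets.token_bytes(SALT_LEN)  # CSPRNG, never reused across vaults
    _, verifier = _derive(password, salt, iterations)
    # Iterations are stored so the work factor can be raised later.
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def unlock(password, record):
    """Return the AES-256 key if the master password matches, else None."""
    aes_key, verifier = _derive(password, record["salt"], record["iterations"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(verifier, record["verifier"]):
        return aes_key
    return None


if __name__ == "__main__":
    rec = enroll("correct horse battery staple")  # constructed sample passphrase
    print("unlock ok:", unlock("correct horse battery staple", rec) is not None)
    print("wrong pw :", unlock("Tr0ub4dor&3", rec))
```

The key returned by `unlock` is what would be handed to the AES-256 layer; only the salt, iteration count and verifier are persisted.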

It comes down to AES, salt and hash; basically the best you are going to get.

McEliece. Really doesn’t scale well but it was a proof of concept plus it got me a 100% mark for an assignment.

1 Like

No GitHub/repo. The legality of posting it in my country is questionable. Anti-terrorism laws and all that. Plus I am kinda proud of my code since I wrote the algorithm from scratch. There are two APIs that say they implement the algorithm I used, McEliece, but the Bouncy Castle API is broken for it and another German one is poorly designed.

It was fun though. Error correcting code cryptography

1 Like

This I know!

Hash with RSA salt with AES-256

1 Like

Replace paranoid with smart. Saving passwords on a computer is a bad, Bad, BAD idea on the off chance somebody manages to get that info.

How about just using OAuth, OP?

@DrewSaga @Dynamic_Gravity I still have to do it