Bitcoin Forum
September 18, 2024, 01:21:55 PM *
News: Latest Bitcoin Core release: 27.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Password Managers  (Read 980 times)
btcton (OP)
Legendary
*
Offline Offline

Activity: 1288
Merit: 1007


View Profile
September 08, 2013, 07:33:49 PM
 #1

Which one do you currently use or recommend, if any at all? Currently I am using Dashlane, but I've heard a lot about 1Password and LastPass. Dashlane, the one I'm trying out has an iPhone App, which is why I use it. If you want to try it, you can use my referral link so that we both get 6 months of free premium.

So, do you use any password manager, and why?

The signature campaign posters adding useless redundant fluff to their posts to reach their minimum word count are lowering my IQ.
jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1257


May Bitcoin be touched by his Noodly Appendage


View Profile
September 08, 2013, 07:55:35 PM
 #2


Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
btcton (OP)
Legendary
*
Offline Offline

Activity: 1288
Merit: 1007


View Profile
September 08, 2013, 08:15:11 PM
 #3


Heck, must be huge.

The signature campaign posters adding useless redundant fluff to their posts to reach their minimum word count are lowering my IQ.
tkbx
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251



View Profile
September 10, 2013, 02:20:18 AM
 #4

I wrote my own. I enter the location I'm using the password (website, BTC wallet's address, etc), along with my universal password, and it's hashed, then encoded to base64, shortened to 18 characters, and then a percent sign is inserted in the middle for sites that require a special character. Say my "universal" password (used to generate the per-site passwords) was "hello". My password for bitcointalk would be "YjNlY2MwM%WWpObFkyT". Using the same password, my password for reddit would be OTNlODU4M%T1RObE9EV.

Advantages over traditional password managers:
- Can use it anywhere (I made a javascript version that I put on a subdomain of my personal domain so I can use it on any computer should I need it in an emergency)
- No password database (since the passwords are generated using the same info every time, I can theoretically store something like 10^100000000000 passwords without using more disk space than the 10kb program

Similarities to traditional password managers:
- One password for everything

Disadvantages to traditional password managers:
- Can't generate a new password for a site without changing my universal password (say my hypothetical reddit password, OTNlODU4M%T1RObE9EV, is compromised. I would need to start using the key "reddit2" if I wanted to change it. This has happened before when I accidentally pasted the password into IRC, but nobody knows where it goes and the site isn't very important.)
- Security is hypothetical. My passwords should be very secure, because they're based upon SHA256 hashes salted with my "universal" password. But "roll your own" encryption is always inadvisable.
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
September 10, 2013, 02:26:05 AM
Last edit: September 10, 2013, 02:37:48 AM by CIYAM Open
 #5

- Security is hypothetical. My passwords should be very secure, because they're based upon SHA256 hashes salted with my "universal" password. But "roll your own" encryption is always inadvisable.

Note that the world "salt" here is not what is generally meant in encryption nowadays (the usual meaning now is a random nonce or timestamp that is stored *unencrypted* to be mixed in with the password in order to prevent the creation of "rainbow tables").

I do something similar using an "encrypted seed" (whose initial value was obtained from /dev/random) which is encrypted by the "universal password" - the decrypted seed then has characters appended to identify the website (e.g. "bt" for Bitcointalk although normally I'd use more characters) and then the concatenated string is put through a number of hash rounds.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
b!z
Legendary
*
Offline Offline

Activity: 1582
Merit: 1010



View Profile
September 10, 2013, 10:55:52 AM
 #6

LastPass, or your brain.
btcton (OP)
Legendary
*
Offline Offline

Activity: 1288
Merit: 1007


View Profile
September 10, 2013, 11:46:43 AM
 #7

I wrote my own. I enter the location I'm using the password (website, BTC wallet's address, etc), along with my universal password, and it's hashed, then encoded to base64, shortened to 18 characters, and then a percent sign is inserted in the middle for sites that require a special character. Say my "universal" password (used to generate the per-site passwords) was "hello". My password for bitcointalk would be "YjNlY2MwM%WWpObFkyT". Using the same password, my password for reddit would be OTNlODU4M%T1RObE9EV.

Advantages over traditional password managers:
- Can use it anywhere (I made a javascript version that I put on a subdomain of my personal domain so I can use it on any computer should I need it in an emergency)
- No password database (since the passwords are generated using the same info every time, I can theoretically store something like 10^100000000000 passwords without using more disk space than the 10kb program

Similarities to traditional password managers:
- One password for everything

Disadvantages to traditional password managers:
- Can't generate a new password for a site without changing my universal password (say my hypothetical reddit password, OTNlODU4M%T1RObE9EV, is compromised. I would need to start using the key "reddit2" if I wanted to change it. This has happened before when I accidentally pasted the password into IRC, but nobody knows where it goes and the site isn't very important.)
- Security is hypothetical. My passwords should be very secure, because they're based upon SHA256 hashes salted with my "universal" password. But "roll your own" encryption is always inadvisable.
Not bad! I might try this myself!

The signature campaign posters adding useless redundant fluff to their posts to reach their minimum word count are lowering my IQ.
virtualmaster
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
September 10, 2013, 02:06:27 PM
 #8

KeePassX on linux and KeePass on windows, the databases are compatible.
You can use also a deterministic chain(brainwallet) created from a passphrase as values and for username/website you create a plain list like.
gmail  bob123  1(password is the the first value from the chain)
yahoo bob234  2

Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
Namecoinia.org  -  take the planet in your hands
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba   |  NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S
bitcoindigi
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
September 10, 2013, 03:14:41 PM
 #9

I use my brain/truecrypted excel and lastpass for trash sites Smiley
bitcoindigi
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
September 10, 2013, 04:18:13 PM
 #10

trying keepass, I love it already Cheesy thanks for mentioning it!
b!z
Legendary
*
Offline Offline

Activity: 1582
Merit: 1010



View Profile
September 11, 2013, 10:53:59 AM
 #11

trying keepass, I love it already Cheesy thanks for mentioning it!

Yeah that's a good one. i don't know how i forgot to mention it.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!