Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

base64 for an easy & strong encrypted key-pass.

Off-Topic discussions about science, technology, and non Debian specific topics.
Message
Author
kopper
Posts: 137
Joined: 2016-09-30 14:30

Re: base64 for an easy & strong encrypted key-pass.

#21 Post by kopper »

bester69 wrote:any full ASCII word with just a lenth >=8 characters is unbreakable unless there are several supercomputers working in that brute attack decoding. There is no regular home computer in world able to break a full ASCII word of just 8 characters
They might seem unbreakable when you don't consider various facts, like people choosing their passwords themselves rarely use the whole key space when doing so. Even when big key space is supported, people still usually pick something simpler if complexity is not enforced by other means. Unless you're not trying to target an individual account with strong password, various cracking methods can be quite effective. Best way to ensure you're not among the easy targets is to refer to the hundreds of best practices documented online. Like the ones already mentioned in this thread.

You're not defining new paradigm here by stating that 8-10 character password is adequate for all purposes, with every hash algorithm, with or without salting. Frankly, I think you're naive to think that 8-10 characters is future proof with conventional computing hardware, let alone quantum computers which I believe you have even less insight than cryptography.

You are pulling facts from you rear to support a broken idea of re-inventing something (password salting) which is already properly done elsewhere.
Debian 10.2 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: base64 for an easy & strong encrypted key-pass.

#22 Post by bester69 »

kopper wrote:
bester69 wrote:any full ASCII word with just a lenth >=8 characters is unbreakable unless there are several supercomputers working in that brute attack decoding. There is no regular home computer in world able to break a full ASCII word of just 8 characters
They might seem unbreakable when you don't consider various facts, like people choosing their passwords themselves rarely use the whole key space when doing so. Even when big key space is supported, people still usually pick something simpler if complexity is not enforced by other means. Unless you're not trying to target an individual account with strong password, various cracking methods can be quite effective. Best way to ensure you're not among the easy targets is to refer to the hundreds of best practices documented online. Like the ones already mentioned in this thread.

You're not defining new paradigm here by stating that 8-10 character password is adequate for all purposes, with every hash algorithm, with or without salting. Frankly, I think you're naive to think that 8-10 characters is future proof with conventional computing hardware, let alone quantum computers which I believe you have even less insight than cryptography.

You are pulling facts from you rear to support a broken idea of re-inventing something (password salting) which is already properly done elsewhere.
Ive studied a litle bit, and any strong word with a >= 8 characters cant be decoded with nowadays home's CPUs, debiman is freaking by chosing a 40 characters word, :mrgreen: perhaps in five years we will need to increasee that to a >= than 9 characters.

As for quantum computers, forget about that technology, You wont see it in this life (only NASA). It wont be available for home users before One or two hundred years long. I see more chances to contact aliens before that.


As for the topic, I see my purpose, a good, easy to remember and trusted strategy using bas64 + Obscurity.
Ejmp.: dog >> base64(dog) = ua/SnqhgwS >> Obscurity(ua/SnqhgwS=) = u€a/SnqhgwS€=

In my opinion cant be decoded without the Obscurity-algorithm, and you can't decode the algorithm without know it. Its a perfect and easy way to use simple words like "dog, yellow, monday, etc" as passwords, without any possibility to be broken.
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: base64 for an easy & strong encrypted key-pass.

#23 Post by debiman »

kopper wrote:Even when big key space is supported, people still usually pick something simpler if complexity is not enforced by other means.
a.k.a dictionary words.
Unless you're not trying to target an individual account with strong password, various cracking methods can be quite effective.
this.

You are pulling facts from you rear to support a broken idea of re-inventing something (password salting) which is already properly done elsewhere.
reinventing indeed:
In cryptography, a salt is random data that is used as an additional input to a one-way function that "hashes" data, a password or passphrase. (...) The primary function of salts is to defend against dictionary attacks or against its hashed equivalent, a pre-computed rainbow table attack.

User avatar
RU55EL
Posts: 546
Joined: 2014-04-07 03:42
Location: /home/russel

Re: base64 for an easy & strong encrypted key-pass.

#24 Post by RU55EL »

bester69 wrote: [...] In 2019 at
today's date, any full ASCII word with just a lenth >=8 characters is unbreakable unless there are several supercomputers working in that brute attack decoding. There is no regular home computer in world able to break a full ASCII word of just 8 characters, and it would take them several years in the best of the cases. [...]
[BS mode ON]

Hmmm...

"password"

perfect...eight digits...totally uncrackable...

[BS mode OFF]

I wonder how long it would take john the ripper to crack "password"?

How did they crack the enigma machine?

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: base64 for an easy & strong encrypted key-pass.

#25 Post by bester69 »

RU55EL wrote:
bester69 wrote: [...] In 2019 at
today's date, any full ASCII word with just a lenth >=8 characters is unbreakable unless there are several supercomputers working in that brute attack decoding. There is no regular home computer in world able to break a full ASCII word of just 8 characters, and it would take them several years in the best of the cases. [...]
[BS mode ON]

Hmmm...

"password"

perfect...eight digits...totally uncrackable...

[BS mode OFF]

I wonder how long it would take john the ripper to crack "password"?

How did they crack the enigma machine?
read deeply, we're talking about a strong 8 ASCII characters, this kind of password:
Image
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
RU55EL
Posts: 546
Joined: 2014-04-07 03:42
Location: /home/russel

Re: base64 for an easy & strong encrypted key-pass.

#26 Post by RU55EL »

bester69 wrote:[...] read deeply, we're talking about a strong 8 ASCII characters[...]
What makes an ASCII character strong 8?

What makes the letters p, a ,s, w, o, r, and d less strong than K, m, f, t, or the number 6, or #, ], }?

I prefer large password with arbitrary numbers, letters and punctuation, it is easy for me to use a 40 digit password. The computer does all the work...that is what password managers are for. (Like KeePassX)

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: base64 for an easy & strong encrypted key-pass.

#27 Post by debiman »

RU55EL wrote:it is easy for me to use a 40 digit password. The computer does all the work...that is what password managers are for. (Like KeePassX)
this.

there's numerous examples in the computer world where somebody said derisevely "we will never ever need more than 12 characters for filenames" or "more than 4 billion IP addresses? you must be mad!" - only to be the one laughed at a few years (ok make that decades) later...

...

according to this it will take 2 days (maximum; i tried 5 different ones) to crack a complete random 8 char password including the full range of ASCII characters.
adding one unicode character (like £ or €) raises that to 2 million years.
i'm not sure how the javascript behind the site works; it can't be all that accurate, but just assuming it's correct:
it says "a computer" - what does that mean?
how long would it take "a supercomputer"?
how long would it take "malware deployed on 10000 home computers"?

is there a better site to test passwords? this one seems to think the opposite: adding unicode chars decreases password strength...

makes me think those online teszting tools are crap in any case...

kopper
Posts: 137
Joined: 2016-09-30 14:30

Re: base64 for an easy & strong encrypted key-pass.

#28 Post by kopper »

bester69 wrote:In my opinion cant be decoded without the Obscurity-algorithm, and you can't decode the algorithm without know it.
Keyword here is knowing. You can't implement it anywhere but on your own limited stuff without people finding out how it works exactly. If you use this only yourself, then why not rely on password generators included in various software like Keepass which it seems you are already using. Get the same result, with zero effort. I can't wrap my head around your logic.

It's not about opinion. Obscuring code only slows the first attempts to find out how it works. After that, it's meaningless. Truly secure algorithms provide protection even if you know the internals.
bester69 wrote:As for quantum computers, forget about that technology, You wont see it in this life (only NASA).
This is something that cannot be reliably determined. Everyone, especially those not participating quantum computing research can believe what they want. But if NASA will get it, so will the US government. And probably other nations, for example China, can get it working even faster. So by your estimation, people whose threat model includes nation state will get their pants soiled during our life time.

I feel like I've swallowed a huge bait on this whole thread, so maybe this should be my last contribution. :D
Debian 10.2 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: base64 for an easy & strong encrypted key-pass.

#29 Post by bester69 »

kopper wrote:..... then why not rely on password generators included in various software like Keepass which it seems you are already using. Get the same result, with zero effort. I can't wrap my head around your logic.
....
Because My purposed idea was to get secure passwords we can always remember.. so we dont have to need available a password manager with a dangerous master key for it.

Imagine you're out and need to get access to some document/application you encrypted.. And you cant run keepassx in the cloud, or you dont have the master key to open an accesible KeepassX module. That's the idea.. we will use easy recordable passwords such as (monday, cat, yellow, 1980, stretch, etc) for each one of our encrypted accounts/documents... As we're using an only knowed obscutity-algorithm + base64 enconding, we can open a browser tab an apply base64 to our simple word (monday, cat, yellow, 1980, stretch, etc) plus our algorithm to compose the secure password and get access to our encrypted account. that's my whole Great idea!! :o EASY PEACE!
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
RU55EL
Posts: 546
Joined: 2014-04-07 03:42
Location: /home/russel

Re: base64 for an easy & strong encrypted key-pass.

#30 Post by RU55EL »

bester69 wrote: Because My purposed idea was to get secure passwords we can always remember.. so we dont have to need available a password manager with a dangerous master key for it. [...]
I don't use a password manager for my bank accounts or email. I have no problem remembering several 25 digit passwords of arbitrary numbers, letters, and punctuation to access these accounts. It is good to use your brain as well as your computer. There is no reason that you can't remember good passwords if you put in a little effort.

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: base64 for an easy & strong encrypted key-pass.

#31 Post by debiman »

RU55EL wrote:I have no problem remembering several 25 digit passwords of arbitrary numbers, letters, and punctuation to access these accounts. It is good to use your brain as well as your computer. There is no reason that you can't remember good passwords if you put in a little effort.
arbitrary?
it is adorable that you are able to do this, but i think it has very little to do with effort, and more with some sort of genetic disposition.

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: base64 for an easy & strong encrypted key-pass.

#32 Post by bester69 »

RU55EL wrote:
bester69 wrote: Because My purposed idea was to get secure passwords we can always remember.. so we dont have to need available a password manager with a dangerous master key for it. [...]
I don't use a password manager for my bank accounts or email. I have no problem remembering several 25 digit passwords of arbitrary numbers, letters, and punctuation to access these accounts. It is good to use your brain as well as your computer. There is no reason that you can't remember good passwords if you put in a little effort.
hehehe And then, One day, Ups!!, Your forgot that key you thought wou would never forget.. I have six or eight different passwords in my mind I always use sometime combined with a two steps SMS authentification, but they are all of them easily recordable, not 25 digit passwords.. take care with that.. I recently forgot my whole life 4 number digits account bank,, It was really creepy, suddenly I was using my credit card, so I had forgotten the number i was using for years, insiting with the movil PIN, It got locked. It took me two days or so to recover my mind of that extrange lapsus. :shock: perhaps It have to be with drinking so much on some weekends.
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
RU55EL
Posts: 546
Joined: 2014-04-07 03:42
Location: /home/russel

Re: base64 for an easy & strong encrypted key-pass.

#33 Post by RU55EL »

debiman wrote:
RU55EL wrote:I have no problem remembering several 25 digit passwords of arbitrary numbers, letters, and punctuation to access these accounts. It is good to use your brain as well as your computer. There is no reason that you can't remember good passwords if you put in a little effort.
arbitrary?
it is adorable that you are able to do this, but i think it has very little to do with effort, and more with some sort of genetic disposition.
Can you remember your old phone number from years ago? Or your previous address. No special genetic disposition required.

All it takes is a little effort. I didn't learn the multiplication table overnight, but I was able to learn and remember it. The problem is that many people aren't willing to put in the effort.

These days you really only need to remember one or two good passwords, as long as you have a phone or computer with you. Those passwords can give you access to dozens of other secured passwords.

bester69, I have locked myself out of accounts by repeatedly typing a password too quickly and not realizing the cap lock was on. After the third attempt the account locks...Ooops! No big deal, I just to jump through a few hoops to get the account restored. Also, because we never seem to go anywhere without a cell phone, you should always use two factor authentication with important accounts.

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: base64 for an easy & strong encrypted key-pass.

#34 Post by debiman »

RU55EL wrote:Can you remember your old phone number from years ago? Or your previous address. No special genetic disposition required.
i specified "arbitrary", which i took to mean "completely random".
did you not mean that?

fwiw, yes, i remember my childhood phone number. it had 5 digits. and let's be fair, i also still remember the area code, that's 5 more digits.
so make that 9.
still very far from 25, AND that's digits from 0-9, not random characters a-zA-Z0-9 plus all sorts of punctuation.

like i said, if you can, good for you, i can't.

User avatar
RU55EL
Posts: 546
Joined: 2014-04-07 03:42
Location: /home/russel

Re: base64 for an easy & strong encrypted key-pass.

#35 Post by RU55EL »

debiman wrote:[...] i specified "arbitrary", which i took to mean "completely random".
did you not mean that?
That is what I meant. At least, as random as possible. Nothing is truly [mathematically] random.
Last edited by RU55EL on 2018-09-01 06:14, edited 1 time in total.

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: base64 for an easy & strong encrypted key-pass.

#36 Post by debiman »

RU55EL wrote:That is what I meant. At least, as random as possible. Nothing is truly random.
how philosophical!
i would say anything a person makes up isn't random at all (and hence easy to remember).

Post Reply