base64 for an easy & strong encrypted key-pass.


Re: base64 for an easy & strong encrypted key-pass.

Postby RU55EL » 2018-08-23 07:16

Head_on_a_Stick wrote:
RU55EL wrote:https://howsecureismypassword.net/

Nice site!

Apparently, the password "howsecureismypassword" would take 410 billion years to crack and it's really easy to remember — there's a lesson there for us all, I think :mrgreen:


It is even better at https://www.betterbuys.com/estimating-p ... ing-times/

results for "howsecureismypassword"



INFINITI


Yep, you can't take those password checkers too seriously. We have brains, it's good to use them every so often...
RU55EL
 
Posts: 371
Joined: 2014-04-07 03:42
Location: /home/russel

Re: base64 for an easy & strong encrypted key-pass.

Postby debiman » 2018-08-26 06:28

debiman wrote:what seems difficult to hack for humans, is easy for machines.

i don't know why this is so difficult to understand?
base64 encoding looks tricky to human eyes, but is a simple standard mechanism available on all computers. a good (*) password cracking program should take these into account.
the fashionable "leet" = "1337" replacements are an even more blatant example.

beside plain dictionary words, the above website does not take any of this into account.

fwiw, i'm not using dictionary words anymore. I use only random passwords, as long as possible (40 characters - but not all login services allow such length).
My password manager is secured with 2-factor authentication.
The password part is a gibberish word that is pronounceable enough to remember it, plus some extra chars.

(*) i'm playing devil's advocate here
debiman
 
Posts: 2790
Joined: 2013-03-12 07:18

Re: base64 for an easy & strong encrypted key-pass.

Postby bester69 » 2018-08-26 14:40

debiman wrote:
debiman wrote:what seems difficult to hack for humans, is easy for machines.

i don't know why this is so difficult to understand?
base64 encoding looks tricky to human eyes, but is a simple standard mechanism available on all computers. a good (*) password cracking program should take these into account.
the fashionable "leet" = "1337" replacements are an even more blatant example.

beside plain dictionary words, the above website does not take any of this into account.

fwiw, i'm not using dictionary words anymore. I use only random passwords, as long as possible (40 characters - but not all login services allow such length).
My password manager is secured with 2-factor authentication.
The password part is a gibberish word that is pronounceable enough to remember it, plus some extra chars.

(*) i'm playing devil's advocate here


You are very confused and very wrong if using a 40-character word. In 2019, at today's date, any full ASCII word with just a length of >= 8 characters is unbreakable unless there are several supercomputers working on that brute attack decoding. There is no regular home computer in the world able to break a full ASCII word of just 8 characters, and it would take them several years in the best of cases. But if you don't understand that, go to any mathematician and ask them about the minimum unbreakable length of characters for today's CPUs.

You don't need a 40-char word; one between 8 and 10 characters is enough. You aren't very good at mathematics, are you? :shock:
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
bester69
 
Posts: 1201
Joined: 2015-04-02 13:15

Re: base64 for an easy & strong encrypted key-pass.

Postby sunrat » 2018-08-26 22:26

I'll play devil's advocate's sidekick. You don't really need an unbreakable password to hide your pr0n collection. :mrgreen:
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!
sunrat
 
Posts: 2425
Joined: 2006-08-29 09:12
Location: Melbourne, Australia

Re: base64 for an easy & strong encrypted key-pass.

Postby debiman » 2018-08-28 05:23

bester69 wrote:You are very confused and very wrong if using a 40-character word. In 2019, at today's date, any full ASCII word with just a length of >= 8 characters is unbreakable unless there are several supercomputers working on that brute attack decoding. There is no regular home computer in the world able to break a full ASCII word of just 8 characters, and it would take them several years in the best of cases. But if you don't understand that, go to any mathematician and ask them about the minimum unbreakable length of characters for today's CPUs.

You don't need a 40-char word; one between 8 and 10 characters is enough. You aren't very good at mathematics, are you? :shock:

i don't know where you are getting these alternative facts from (please do share some links) but i think it's plain to understand that a longer password is harder to crack, duh.
also i don't use "words", but completely randomised passwords, which i do not remember in my head. maybe you need to re-read my last post.
also last time i looked it was still 2018. maybe in besterland the clocks are running faster?
debiman
 
Posts: 2790
Joined: 2013-03-12 07:18

Re: base64 for an easy & strong encrypted key-pass.

Postby kopper » 2018-08-28 08:34

bester69 wrote:any full ASCII word with just a length of >= 8 characters is unbreakable unless there are several supercomputers working on that brute attack decoding. There is no regular home computer in the world able to break a full ASCII word of just 8 characters

They might seem unbreakable when you don't consider various facts, like people choosing their passwords themselves rarely use the whole key space when doing so. Even when big key space is supported, people still usually pick something simpler if complexity is not enforced by other means. Unless you're not trying to target an individual account with strong password, various cracking methods can be quite effective. Best way to ensure you're not among the easy targets is to refer to the hundreds of best practices documented online. Like the ones already mentioned in this thread.

You're not defining a new paradigm here by stating that an 8-10 character password is adequate for all purposes, with every hash algorithm, with or without salting. Frankly, I think you're naive to think that 8-10 characters is future proof with conventional computing hardware, let alone quantum computers, into which I believe you have even less insight than into cryptography.

You are pulling facts from your rear to support a broken idea of re-inventing something (password salting) which is already properly done elsewhere.
Debian 9.5 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
kopper
 
Posts: 124
Joined: 2016-09-30 14:30

Re: base64 for an easy & strong encrypted key-pass.

Postby bester69 » 2018-08-28 13:29

kopper wrote:
bester69 wrote:any full ASCII word with just a length of >= 8 characters is unbreakable unless there are several supercomputers working on that brute attack decoding. There is no regular home computer in the world able to break a full ASCII word of just 8 characters

They might seem unbreakable when you don't consider various facts, like people choosing their passwords themselves rarely use the whole key space when doing so. Even when big key space is supported, people still usually pick something simpler if complexity is not enforced by other means. Unless you're not trying to target an individual account with strong password, various cracking methods can be quite effective. Best way to ensure you're not among the easy targets is to refer to the hundreds of best practices documented online. Like the ones already mentioned in this thread.

You're not defining a new paradigm here by stating that an 8-10 character password is adequate for all purposes, with every hash algorithm, with or without salting. Frankly, I think you're naive to think that 8-10 characters is future proof with conventional computing hardware, let alone quantum computers, into which I believe you have even less insight than into cryptography.

You are pulling facts from your rear to support a broken idea of re-inventing something (password salting) which is already properly done elsewhere.


I've studied a little bit, and any strong word with >= 8 characters can't be decoded with today's home CPUs; debiman is freaking out by choosing a 40-character word, :mrgreen: perhaps in five years we will need to increase that to >= 9 characters.

As for quantum computers, forget about that technology. You won't see it in this life (only NASA). It won't be available for home users for another one or two hundred years. I see more chances to contact aliens before that.


As for the topic, I see my proposal as a good, easy-to-remember and trusted strategy using base64 + Obscurity.
E.g.: dog >> base64(dog) = ua/SnqhgwS >> Obscurity(ua/SnqhgwS=) = u€a/SnqhgwS€=

In my opinion it can't be decoded without the Obscurity-algorithm, and you can't decode the algorithm without knowing it. It's a perfect and easy way to use simple words like "dog, yellow, monday, etc." as passwords, without any possibility of being broken.
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
bester69
 
Posts: 1201
Joined: 2015-04-02 13:15

Re: base64 for an easy & strong encrypted key-pass.

Postby debiman » 2018-08-28 17:55

kopper wrote:Even when big key space is supported, people still usually pick something simpler if complexity is not enforced by other means.
a.k.a dictionary words.
Unless you're not trying to target an individual account with strong password, various cracking methods can be quite effective.

this.


You are pulling facts from your rear to support a broken idea of re-inventing something (password salting) which is already properly done elsewhere.

reinventing indeed:
In cryptography, a salt is random data that is used as an additional input to a one-way function that "hashes" data, a password or passphrase. (...) The primary function of salts is to defend against dictionary attacks or against its hashed equivalent, a pre-computed rainbow table attack.
debiman
 
Posts: 2790
Joined: 2013-03-12 07:18

Re: base64 for an easy & strong encrypted key-pass.

Postby RU55EL » 2018-08-28 18:27

bester69 wrote:[...] In 2019, at today's date, any full ASCII word with just a length of >= 8 characters is unbreakable unless there are several supercomputers working on that brute attack decoding. There is no regular home computer in the world able to break a full ASCII word of just 8 characters, and it would take them several years in the best of cases. [...]


[BS mode ON]

Hmmm...

"password"

perfect...eight digits...totally uncrackable...

[BS mode OFF]

I wonder how long it would take john the ripper to crack "password"?

How did they crack the enigma machine?
RU55EL
 
Posts: 371
Joined: 2014-04-07 03:42
Location: /home/russel

Re: base64 for an easy & strong encrypted key-pass.

Postby bester69 » 2018-08-28 20:01

RU55EL wrote:
bester69 wrote:[...] In 2019, at today's date, any full ASCII word with just a length of >= 8 characters is unbreakable unless there are several supercomputers working on that brute attack decoding. There is no regular home computer in the world able to break a full ASCII word of just 8 characters, and it would take them several years in the best of cases. [...]


[BS mode ON]

Hmmm...

"password"

perfect...eight digits...totally uncrackable...

[BS mode OFF]

I wonder how long it would take john the ripper to crack "password"?

How did they crack the enigma machine?


read deeply, we're talking about a strong 8 ASCII characters, this kind of password:
Image
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
bester69
 
Posts: 1201
Joined: 2015-04-02 13:15

Re: base64 for an easy & strong encrypted key-pass.

Postby RU55EL » 2018-08-28 20:08

bester69 wrote:[...] read deeply, we're talking about a strong 8 ASCII characters[...]

What makes an ASCII character strong 8?

What makes the letters p, a, s, w, o, r, and d less strong than K, m, f, t, or the number 6, or #, ], }?

I prefer large passwords with arbitrary numbers, letters and punctuation; it is easy for me to use a 40 digit password. The computer does all the work...that is what password managers are for. (Like KeePassX)
RU55EL
 
Posts: 371
Joined: 2014-04-07 03:42
Location: /home/russel

Re: base64 for an easy & strong encrypted key-pass.

Postby debiman » 2018-08-29 06:01

RU55EL wrote:it is easy for me to use a 40 digit password. The computer does all the work...that is what password managers are for. (Like KeePassX)

this.

there's numerous examples in the computer world where somebody said derisively "we will never ever need more than 12 characters for filenames" or "more than 4 billion IP addresses? you must be mad!" - only to be the one laughed at a few years (ok make that decades) later...

...

according to this it will take 2 days (maximum; i tried 5 different ones) to crack a complete random 8 char password including the full range of ASCII characters.
adding one unicode character (like £ or €) raises that to 2 million years.
i'm not sure how the javascript behind the site works; it can't be all that accurate, but just assuming it's correct:
it says "a computer" - what does that mean?
how long would it take "a supercomputer"?
how long would it take "malware deployed on 10000 home computers"?

is there a better site to test passwords? this one seems to think the opposite: adding unicode chars decreases password strength...

makes me think those online testing tools are crap in any case...
debiman
 
Posts: 2790
Joined: 2013-03-12 07:18

Re: base64 for an easy & strong encrypted key-pass.

Postby kopper » 2018-08-29 06:33

bester69 wrote:In my opinion it can't be decoded without the Obscurity-algorithm, and you can't decode the algorithm without knowing it.

Keyword here is knowing. You can't implement it anywhere but on your own limited stuff without people finding out how it works exactly. If you use this only yourself, then why not rely on password generators included in various software like Keepass which it seems you are already using. Get the same result, with zero effort. I can't wrap my head around your logic.

It's not about opinion. Obscuring code only slows the first attempts to find out how it works. After that, it's meaningless. Truly secure algorithms provide protection even if you know the internals.

bester69 wrote:As for quantum computers, forget about that technology. You won't see it in this life (only NASA).

This is something that cannot be reliably determined. Everyone, especially those not participating in quantum computing research, can believe what they want. But if NASA will get it, so will the US government. And probably other nations, for example China, can get it working even faster. So by your estimation, people whose threat model includes nation states will get their pants soiled during our lifetime.

I feel like I've swallowed a huge bait on this whole thread, so maybe this should be my last contribution. :D
Debian 9.5 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
kopper
 
Posts: 124
Joined: 2016-09-30 14:30
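
The scheme proposed in this thread (a dictionary word, base64-encoded, with a fixed character inserted) can be scored the way debiman and kopper describe: assume the method is known and undo the reversible steps before estimating strength. This is an added example, not code from any poster; the word list, the `TRANSFORMS` count and the function names are constructed assumptions.

```python
import base64
import binascii
import math
import string

# Constructed stand-in for a real dictionary; its size drives the estimate.
WORDLIST = {"dog", "cat", "monday", "yellow", "stretch", "password"}
B64_ALPHABET = set(string.ascii_letters + string.digits + "+/=")
LEET = str.maketrans("013457@$", "oieastas")
TRANSFORMS = 4  # plain, leet, base64, base64 with extra characters inserted


def reduced_forms(pw):
    """Return pw plus what it reduces to once reversible steps are undone."""
    forms = {pw.lower(), pw.lower().translate(LEET)}
    # Drop anything outside the base64 alphabet (e.g. an inserted '€'),
    # normalise the padding, then try to decode.
    core = "".join(c for c in pw if c in B64_ALPHABET).rstrip("=")
    core += "=" * (-len(core) % 4)
    try:
        decoded = base64.b64decode(core, validate=True).decode("utf-8")
        forms.add(decoded.strip().lower())
    except (binascii.Error, UnicodeDecodeError):
        pass  # not base64 of readable text; nothing to add
    return forms


def estimate_bits(pw, dictionary_size=len(WORDLIST)):
    """Bits of guessing work, assuming the scheme itself is known."""
    if reduced_forms(pw) & WORDLIST:
        # Only the word is secret: search space is dictionary x transforms.
        return math.log2(dictionary_size * TRANSFORMS)
    # Otherwise treat it as uniformly random over 95 printable ASCII symbols.
    return len(pw) * math.log2(95)


if __name__ == "__main__":
    for sample in ["Z€G9n€", "ZG9nCg==", "p4ssw0rd", "K#m6]f}t"]:
        print(f"{sample!r:12} {estimate_bits(sample, 100_000):6.1f} bits")
```

With a 100,000-word dictionary the encoded-and-obscured word scores about 18.6 bits, against about 52.6 bits for eight random printable characters.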

Re: base64 for an easy & strong encrypted key-pass.

Postby bester69 » 2018-08-29 13:09

kopper wrote:..... then why not rely on password generators included in various software like Keepass which it seems you are already using. Get the same result, with zero effort. I can't wrap my head around your logic.
....


Because my proposed idea was to get secure passwords we can always remember, so we don't need to have a password manager available with a dangerous master key for it.

Imagine you're out and need to get access to some document/application you encrypted, and you can't run KeePassX in the cloud, or you don't have the master key to open an accessible KeePassX module. That's the idea: we will use easily memorable passwords such as (monday, cat, yellow, 1980, stretch, etc.) for each one of our encrypted accounts/documents. As we're using an obscurity algorithm known only to us + base64 encoding, we can open a browser tab and apply base64 to our simple word (monday, cat, yellow, 1980, stretch, etc.) plus our algorithm to compose the secure password and get access to our encrypted account. That's my whole great idea!! :o EASY PEASY!
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
bester69
 
Posts: 1201
Joined: 2015-04-02 13:15

Re: base64 for an easy & strong encrypted key-pass.

Postby RU55EL » 2018-08-29 17:56

bester69 wrote:Because my proposed idea was to get secure passwords we can always remember, so we don't need to have a password manager available with a dangerous master key for it. [...]


I don't use a password manager for my bank accounts or email. I have no problem remembering several 25 digit passwords of arbitrary numbers, letters, and punctuation to access these accounts. It is good to use your brain as well as your computer. There is no reason that you can't remember good passwords if you put in a little effort.
RU55EL
 
Posts: 371
Joined: 2014-04-07 03:42
Location: /home/russel
