Password storage?

[Tom Buskey]

On Fri, Jul 19, 2013 at 12:33 PM, Tyson Sawyer <tyson at j3.org> wrote:

> On Fri, Jul 19, 2013 at 12:19 PM, Peter M. Petrakis
> <peter.petrakis at gmail.com> wrote:
> > Besides the notebook next to my computer (yup I admit it!) I'm migrating
> > to this, https://www.passwordcard.org/en.
>
> If I understand correctly, that system would make brute force easy if
> someone got their hands on a copy of the card and knew what to do with
> it?  ...i.e. lost wallet.
>

And if you lose that paper, do you have another copy?  I like having my
address book in Outlook, my blackberry, my Palm, Google, a printout, etc.
 I can lose any one and still have a recent copy.


>
> With things like KeePass, the security isn't in any service.  Its in
> the encryption of the database file.  You can optionally choose to use
> a DropBox type file share/sync service.  ...but the security is still
> in the encryption of the file, not the security of the file share
> service.
>


I like KeePassX on Linux and variations on Android, Windows, iOS and
BlackBerry.  I think WinCE and Java ME phones are covered also.


>
> I use KeePass and KeePassDroid with a cloud based file sync between
> devices.
>
>
And for those devices that can't do that (phones?), you at least get to
carry a read only copy from a past database with you.  I used to use an app
on a Palm for that.

If you do use a cloud servers to copy the DB everywhere, make sure you use
a long enough key.  There are pre made hashes for passwords up to 8
characters already out there.  In formats for /etc/shadow, SAM, keypass,
etc...


On another note, I had my mother keep her passwords in Keepass and share
the master key with me.  She passed away last fall and I was able to access
her accounts to preserve them.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20130719/ebeabce0/attachment.html