Equipped To Survive Equipped To Survive® Presents
The Survival Forum
Where do you want to go on ETS?

Page 3 of 5 < 1 2 3 4 5 >
Topic Options
#241396 - 02/17/12 05:36 PM Re: Carrying passwords... [Re: adam2]
haertig Offline
Pooh-Bah

Registered: 03/13/05
Posts: 2058
Loc: Colorado
Originally Posted By: adam2
There is a lot to be said for useing the phone numbers or birthdays of living or deceased relatives as passwords, ones OWN details might be too easily guesed.

Whether it's your birthday or mine, there are only 365 different possibilities in a year. A single human could go through all those possibilities in a few hours. A computer in a few milliseconds. Even if you add the year to the birthday, we're only talking seconds or minutes for a computer to guess each possibility. You have to remember that computer crackers are not specifically targeting YOU usually, they are targeting anything they can get. If you happen to be the poor soul who's birthday is January 1st, 2001 and you use 010101 as your password because you think there are a lot of birthdays out there - too many for even a computer to figure out - you're going to be owned on about the third guess.

Top
#241400 - 02/17/12 06:45 PM Re: Carrying passwords... [Re: haertig]
ireckon Offline
Pooh-Bah

Registered: 04/01/10
Posts: 1629
Loc: Northern California
Many tricks (disguises, mnemonics, etc) mentioned here may be fine for non-critical stuff. However, a reasonably skilled hacker would think those cracks are child's play. A good hacker isn't sitting there staring at your passwords. They're dealing with computer programs that have complex algorithms involving complex math that does most of the work. The hackers are not trying hard at all.

Do you think nobody cares that much about your passwords? Well, they probably don't, but the hack isn't hard. The situation is your laptop or cell phone is stolen/lost. The hacker has all the time in the world at that point. Again, they're not trying hard. Their tools are doing most of the work.

I embrace that concept. I do not leave passwords exposed in any manner. If I use a system for disguising passwords, it's after I've applied some sort of password holding software program.
_________________________
If you're reading this, it's too late.

Top
#241403 - 02/17/12 07:17 PM Re: Carrying passwords... [Re: TeacherRO]
ireckon Offline
Pooh-Bah

Registered: 04/01/10
Posts: 1629
Loc: Northern California
Off topic sorta...

I really hate admitting this, but password protection may be a situation where good ol' pen and paper is superior. That is, if you store the paper in one safe. At that point, the only way to get the password (from you) is by getting into that safe or into your brain. You leave no exposure via your lost computers, cloud computing, etc.

Even better is store passwords on an encrypted computer who's single purpose in life is to store your passwords, and then lock that encrypted computer in one physical safe. (Storage in only your brain is obviously the highest security, but for me personally that's not an option.)

All the fancy encryption algorithms cannot beat a system where your password is simply not stored on any computer in any way, shape, or form. Of course, your third parties (e.g., bank computers) store passwords somewhere, but you have no control over that storage.
_________________________
If you're reading this, it's too late.

Top
#242632 - 03/07/12 05:50 PM Re: Carrying passwords... [Re: TeacherRO]
Chisel Offline
Old Hand

Registered: 12/05/05
Posts: 1155
If you are using paper ( or index card ) for your passwords, it may help to throw some imaginary passwords in the mix. Just like remembering strokes on the keyboard, you will remember which ones are real passwords and which ones are fake.



Top
#242640 - 03/07/12 09:52 PM Re: Carrying passwords... [Re: ireckon]
ILBob Offline
Old Hand

Registered: 02/05/10
Posts: 776
Loc: Northern IL
Originally Posted By: ireckon
Off topic sorta...

I really hate admitting this, but password protection may be a situation where good ol' pen and paper is superior. That is, if you store the paper in one safe. At that point, the only way to get the password (from you) is by getting into that safe or into your brain. You leave no exposure via your lost computers, cloud computing, etc.

Even better is store passwords on an encrypted computer who's single purpose in life is to store your passwords, and then lock that encrypted computer in one physical safe. (Storage in only your brain is obviously the highest security, but for me personally that's not an option.)

All the fancy encryption algorithms cannot beat a system where your password is simply not stored on any computer in any way, shape, or form. Of course, your third parties (e.g., bank computers) store passwords somewhere, but you have no control over that storage.

No one stores passwords anymore. Encrytped or otherwise.

What is stored is a one way hash. There is no way to get the password from the hash.

When you enter your password, the password you enter is put thru the hash algorithm and the output compared to the hash stored on the computer system. If the correct password was entered, the hash will be the same.

But there is no way to go backwards from the hash and get the password.
_________________________
Warning - I am not an expert on anything having to do with this forum, but that won't stop me from saying what I think. smile

Bob

Top
#242641 - 03/07/12 09:54 PM Re: Carrying passwords... [Re: ireckon]
chaosmagnet Offline
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3059
Loc: USA
Originally Posted By: ireckon
Of course, your third parties (e.g., bank computers) store passwords somewhere, but you have no control over that storage.


Okay, the following is super-nerdy and nitpicky, and may not be of interest to anyone.

Most systems don't store your password. They store a hash of your password instead. A hash function is supposed to be a mathematical "trap door" that takes an input, does math to it and comes out with a fixed-length output that's repeatable and unique to the input. That's impossible, so there are multiple inputs that can repeat the same output. That's called a hash collision.

Anyway, when you enter your password, the system authenticating you performs the same hash function on your input and compares the hash output to the hash output it has stored in your user record.

Top
#242651 - 03/08/12 02:43 AM Re: Carrying passwords... [Re: TeacherRO]
JBMat Offline
Old Hand

Registered: 03/03/09
Posts: 745
Loc: NC
You can pen and paper store a password if you have a system.

Here's one. Password is combination of a word, with numbers and symbols. Then you encode it for yourself.

"pizzabyTigger88" is what is written

To me that means the password is "pepper93))oni"

Pizza = pepper oni
byTigger = the year my cat Tigger was born
88 = )) - caps and add a key

And only I know the last 3 letters of the major word come after the other keys.

Do this for yourself. Easier than most codes, only decodeable by you and those in the know.

Top
#242696 - 03/08/12 04:43 PM Re: Carrying passwords... [Re: ireckon]
Eugene Offline
Carpal Tunnel

Registered: 12/26/02
Posts: 2823
Originally Posted By: ireckon
Off topic sorta...

I really hate admitting this, but password protection may be a situation where good ol' pen and paper is superior. That is, if you store the paper in one safe. At that point, the only way to get the password (from you) is by getting into that safe or into your brain. You leave no exposure via your lost computers, cloud computing, etc.

Even better is store passwords on an encrypted computer who's single purpose in life is to store your passwords, and then lock that encrypted computer in one physical safe. (Storage in only your brain is obviously the highest security, but for me personally that's not an option.)

All the fancy encryption algorithms cannot beat a system where your password is simply not stored on any computer in any way, shape, or form. Of course, your third parties (e.g., bank computers) store passwords somewhere, but you have no control over that storage.



You'll wear out the safe door that way egtting your passwords every time you need to sign in to something.


Edited by Eugene (03/08/12 04:44 PM)

Top
#242723 - 03/08/12 07:59 PM Re: Carrying passwords... [Re: TeacherRO]
Glock-A-Roo Offline
Old Hand

Registered: 04/16/03
Posts: 1076
1) how do you get around the keyloggers that are on your work computers? Most larger companies log all computer input, not just web history. Makes things much easier on the HR department for both personnel and corporate espionage issues.

2) don't Google and Apple store all their customers' smartphone data on company servers? Don't they claim access to everything that goes thru your phone?

Top
#242724 - 03/08/12 08:15 PM Re: Carrying passwords... [Re: Glock-A-Roo]
chaosmagnet Offline
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3059
Loc: USA
Originally Posted By: Glock-A-Roo
1) how do you get around the keyloggers that are on your work computers? Most larger companies log all computer input, not just web history. Makes things much easier on the HR department for both personnel and corporate espionage issues.


This is actually harder to do than you might think. Logging all Internet access is pretty easy (it isn't cheap to do it well, but it isn't hard). Logging all access to files is tougher but do-able. Logging all network access is hard. Logging keystrokes sounds easy to do but you need to deliberately neuter or compromise your workstation security software to do it, as well as spend a lot of time and effort reviewing the logs. Almost none of my customers have attempted to do this. This is very rare outside of high-security government facilities.

Logging Internet access from company networks and workstations is generally legal, but make sure you have a written policy in place to support it. Logging email is a federal felony without a written policy and some evidence that the end-user was aware of the policy. Logging keystrokes is a dicey area of law; you'd most likely end up with civil liability and criminal liability is a real possibility. Consult an attorney first.

Quote:
2) don't Google and Apple store all their customers' smartphone data on company servers? Don't they claim access to everything that goes thru your phone?


They log usage information but do not (as far as I know) log keystrokes/button pushes or log the activities of third party apps.

Top
Page 3 of 5 < 1 2 3 4 5 >



Moderator:  KG2V, NightHiker 
April
Su M Tu W Th F Sa
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30
Who's Online
1 registered (Rusty), 261 Guests and 3 Spiders online.
Key: Admin, Global Mod, Mod
Newest Members
Claire, JHurley, Highwayman, Janysboy, FlyerOne
5279 Registered Users
Newest Posts
Basic Survival Skills that shouldn’t be complicate
by Herman30
Today at 07:45 PM
Global Bushcraft Symposium
by BruceZed
Today at 05:21 PM
Evaluation of FAKs
by Jeanette_Isabelle
Today at 04:05 PM
Chaosmagnet's "modular" main emergency kit?
by clearwater
Yesterday at 05:00 PM
woggle
by clearwater
Yesterday at 04:51 PM
Jess Roskelly presumed dead in BC avalanche
by dougwalkabout
04/21/19 04:15 PM
Bugout Practice
by Jeanette_Isabelle
04/21/19 03:07 PM
Customizing Your Medical Kit
by Jeanette_Isabelle
04/20/19 06:50 PM
Newest Images
Tiny knife / wrench
Handmade knives
2"x2" Glass Signal Mirror, Retroreflective Mesh
Trade School Tool Kit
My Pocket Kit
Glossary
Test

WARNING & DISCLAIMER: SELECT AND USE OUTDOORS AND SURVIVAL EQUIPMENT, SUPPLIES AND TECHNIQUES AT YOUR OWN RISK. Information posted on this forum is not reviewed for accuracy and may not be reliable, use at your own risk. Please review the full WARNING & DISCLAIMER about information on this site.