OT: Password Managers?

[snip]

I like that kind of password. Memorable AND secure. I get tired of sites recommending something like "SX33F5KcjKgBzEz4fLWxfvz0vvL4e00AMyRnjSfbxWej4a6SoC3Ct8NlGbbrszp" without ever considering that you could never remember that (as well as a few dozen more, for other sites).

Reply to
Mark Lloyd

That's one of the reasons I'm not interested in an online password manager.

With a local program someone would need to gain access to my computer in order to get into my password manager.

What happens to your notebook if you have a fire or flood? How will you recover your passwords?

One of the advantages of computer data is that you can have multiple backups.

Anthony Watson


Reply to
HerHusband

Not necessarily. Since most users pick common words for their passwords, hackers will often use a dictionary approach to check combinations of common words first. In your example, that's only four words. It would be a lot quicker to try every possible combination of four words than it would be to try every possible combination of 16 individual characters.

Anthony Watson


Reply to
HerHusband

Yep, that's the method I'm basically using now. It's secure enough, but there's no integration with my web browser or anything. It's simply a copy/paste process.

Anthony Watson


Reply to
HerHusband

I saw a leather passport case for sale the other day, with each credit card sticking out a half inch higher than the one below it. When I travel, I keep my money and credit cards where others don't see them.

Reply to
Micky

Hell, it would take Leonard Nimoy 20 minutes, tops ;-)

Reply to
Wade Garrett

Or, will snoop your social media accounts for likely choices (names of pets, friends, schools, sports teams, etc.) And, that snooping can be done by malware that you picked up in a driveby attack -- running *in* your computer but not actually STORED on the disk, anywhere.

Likewise, the malware can intercept your keystrokes when it notices that "Roboform.exe" has been started and pass them along to Roboform after making a note of them; then waiting to see any side-effects of Roboform's actions -- like a new window being opened or something being copied to the paste-buffer: "Ah! the sorts of actions that happen when Roboform receives a valid password that we've noticed by observing the copy of Roboform that WE purchased have just happened! That suggests the last few characters intercepted are likely the password to Roboform!"

Having this, the malware can send *it* and the contents of whatever file/place Roboform caches your encrypted password off to the remote attacker: "Here's the password for his copy of Roboform and here's the file with the encrypted passwords. You know what to do..."

[This is why, IMO, you don't want a product KNOWN to control your passwords to be running on a machine that can potentially be accessed remotely]

Exactly. The "amount of randomness" in your password is what determines its strength.

The effort required to try every combination of four words -- assuming you *knew* 1,000,000 different words to choose from -- is roughly the same as picking a 14 character "random" password.

Furthermore, if you assume the password is a legitimate English sentence (i.e., follows the rules of grammar), then the number of combinations is much less than 1,000,000^4 (because, for example, any combination of "noun1 noun2 noun3 noun4" wouldn't be a "valid" sentence!).

The problem with cryptography is that attacks always get *better*. You can always use the best attack strategy that you've discovered to date. And, if a better one comes out tomorrow (building on some characteristic uncovered in yesterday's attack strategy), you immediately benefit from that "improved" attack! There's nothing to "undo".

And, the amount of processing (and storage) power available just keeps increasing as folks find ways of repurposing devices to exploit their potential attack capabilities.

E.g., the hashes used to store XP passwords *seemed* secure. Until folks theorized ways to attack them with rainbow tables. Attacks that were supposed to take YEARS suddenly were possible in *minutes*! (using the resources of the actual computer that you are trying to break into!)

Ooops!

The other, more practical, problem is that there are often flaws in the implementation of these algorithms. And, those flaws often dramatically reduce the strength of the code!

Reply to
Don Y

SWMBO has had many of her cards reissued, SEVERAL times! Always accompanied by some vague comment about *some* vendor having a security problem (why not TELL us WHICH vendor so we can AVOID using them?!)

I'm a lot more selective about how and where I use them so have been unaffected by that.

[I *have* had cards reissued when Bank A buys out Bank B's accounts. But, that doesn't happen, often. And, I left a MasterCharge card on the teller counter at a bank in Ohio, once, while traveling -- had to cancel *that* card! :< ]

I have all my "important" mail sent to my POBox. I don't know of anyone having problems in the neighborhood but have no interest in tempting fate. The bigger problem is the "off day" for our regular letter carrier sometimes finds our mail delivered to a neighbor on an adjacent street having the same house number. Equally likely for us to get his (though the two problems seldom coexist).

I am *hoping* this discussion doesn't bring that forgotten detail *back* to me! While it is possible to consciously forget something, I've found it to be tedious ("Don't remember, don't remember, don't remember..."). I guess if you have a tendency to cling to memories, it's easy for that to reassert itself.

DL is a dubious credential, here.

First, they are issued with outrageously long expiration dates! I think the first one I had issued, here, was good for *25* years! (I eventually had to have it "renewed" as there was a change in federal? law that required changes to the actual credential which required everyone to get a new one)

[I've also heard of people being asked to come in for a new photograph. Possibly because their "face metrics" were incompatible with facial recognition software being silently deployed? (at least one friend said she was told to come in because she was SMILING in her previous photo!)]

You'd think a change of address would REQUIRE a new credential? According to the lady at the DMV: "Oh, sweetie, just write your new address on a slip of paper and use a paperclip to hold it on the license..." WTF??? OTOH, the license plainly states that changes in address need to be reported in 10 days.

Mine typically comes out when I open a new bank/brokerage account and they NEED proof that I'm who I claim to be. Or, withdraw large sums. DL is in a prominent location in the wallet, so always easier to take out than bring a passport along.

We keep everything on paper and have a "scan-fest" once every year or two. We keep most receipts for at least a few months (in case something needs to be returned) and many things are kept "indefinitely".

I can dig out what we paid for electricity 20 years ago, garbage fees, all of my credit card charges (going back > 40 years) -- even my paycheck stubs (*all* of them)!

But, it's not worth retroactively scanning all of that stuff. OTOH, discarding it just saves a little space in a file cabinet (if I don't store those things in there, what WOULD I store?) It's come in handy when I wanted to get the dates of employment for a past employer. Or, when I want to see what the "governmental overhead" (taxes+fees) has done over the years -- they like to shift costs from part of our taxes to outright fees (so they can claim taxes haven't been increased)

I have a couple of 500G encrypted external drives (fingerprint authentication) but just use them as generic drives. I don't think I have anything explicitly encrypted, here. But, then again, to gain access to any of those things, you'd have to be *in* my home -- in which case, you'd probably find other things that are more enticing!

So, why go to the trouble to protect it?

The apparent difference (between us) is that you have things in places that can be accessed remotely (online accounts, passwords on your online computer, etc.) while I keep all that stuff "behind a locked front door". I.e., an adversary has to be here, physically to victimize me.

Yup.

When I was younger, my vehicle was vandalized in the parking lot at work. Broke a window and stole my (generic) winter coat out of the back seat (really? are you that desperate that a common overcoat is worth that effort/risk??)

I was more annoyed with the inconvenience I'd face having to get the window repaired (covered under insurance) -- and, the fact that I now had to drive 25mi home at 11PM in the winter with a window WIDE OPEN!

"Cripes, why didn't you just have the guard FIND me and ASK me for my coat? Save me the hassle of the repair *and* the discomfort of the cold ride home!!"

No debit cards, only credit cards. I typically only carry $20 as I seldom need much more (fuel purchases are the only thing that ever typically exceeds $20 and those go on the charge cards). If I'm planning on buying something "moderately priced" (~$100 but not $1000), I can arrange to bring extra cash with me.

OTOH, few things are that expensive that I wouldn't also want to put on a charge just for the recordkeeping/enhanced warranty.

In *real* emergencies, cash is king. A guy who's bought up a bunch of "supplies" and is trying to make a killing out of the back of his pickup truck isn't going to be able to honor a credit card! Likewise, trying to hitch a ride out of town, etc.

[We prepare for the worst half-heartedly thinking that doing so will ENSURE it never happens! :> ]

Reply to
Don Y

"When you're looking for something, you'll always find it in the LAST place you look!" :> (think about it...) So, the trick is to figure out what the "LAST place" will be and look there, first!

I "develop habits" so that I can do many of the more boring things of day-to-day life "on autopilot". It's easier for me to remember that this card will be the "fourth one down" -- always -- than to wonder where it will be the next time I need it. It's relatively easy to implement: just put the card back where it "belongs"!

Some things that I carry in my wallet are rarely accessed so they just get lumped together on the other side: business cards for various providers, voter registration card, library card, insurance card, etc. It's not worth the effort to keep track of their specific locations -- but, I still want to have them available "on my person".

I do this with most things. E.g., each tool has a place (not like "on a pegboard" -- that would be too "anal" and require a helluva big pegboard!! But, rather, all hammers are in this spot, all nutdrivers in that spot, etc. Flashlights have fixed, individual "homes". I keep my drywall square "hung" in the same place and my carpenter's square in yet another. Torque wrenches in a long slender box on a particular shelf. SCSI-2 cables in this box, SCSI-3 in that box, VHDCI cables in yet another, etc. Spare DVD writers on this one, access points in that, etc.

Otherwise, it's just impossible to try to remember where I "last saw" something. I might conjure up a memory of it in a particular place... but, have no way of knowing if that is the most *recent* place!

By contrast, remembering passwords or account numbers is easy -- they are always the same, over time!

[SWMBO was in a panic this week trying to locate her passport. Checked "everywhere" (not!), safe deposit boxes, etc. In my case, I *know* where it is cuz it never leaves that location!]

OTOH, my (physical) desktop is an "adventure in entropy" :>

Reply to
Don Y

Our driver licenses expire every five years (used to be four). I thought I read something saying that was changing to six years, don't know for sure.

I can go back 10 years or so for most things, but I try to keep my electronic documents under control too. I'll typically delete financial documents that are more than 5-7 years old (excluding important documents like taxes and whatnot). I'll never need to know what I paid for garbage 15 years ago.

As I mentioned previously, it's primarily to keep out the casual viewer (snoopy guests) or a "hacker of convenience".

For example, if someone breaks into my house while I'm gone and steals my computer it won't be easy for them to access my passwords or financial documents. The odds of the typical home burglar also being a good computer hacker are probably slim.

Someone once broke the passenger window in my wife's car to steal her $20 car stereo. It was practically worthless to steal, but cost me a lot more time and money to replace the window and deal with insurance. Worse yet, her passenger door was unlocked at the time.

Anthony Watson


Reply to
HerHusband

Was your wife in a habit of leaving door(s) unlocked? It actually might be a good idea just to prevent wanton window breaking by stereo thieves.

Surely you want thieves to be forced to at least make the noise of breaking the glass because it might deter the less-determined.

Or did you get 'driver' & 'passenger' mixed up somewhere in your description?

Reply to
Mike Duffy

Yeah, most places I've lived were 4. I was stunned at the length of time on these, here!

We refer to those things to note how "municipal payments" have increased. E.g., we used to have *two* trash pickups, weekly. Then one. Then one in a fixed size container. Then, the option of a smaller container.

Somewhere along the way, it was broken out as a separate fee (instead of part of our property taxes).

Water charges got reshuffled and the algorithm for computing sewer charges changed (partly a nod to the fact that water usage increases in the summer for irrigation, swimming pool evaporation, etc.).

We have property taxes for the city and for the county. And, secondary taxes (an excuse for them to hit you twice for the same thing). Then, "riders" that are supposed to be phased out over time -- and they opt to propose a new one each time the old one expires. Etc.

So, if you look at TOTAL "costs" you see where they have increased far more dramatically than if you look at all of the individual pieces (many of which might not have existed when we bought the place).

They count on folks having short memories. E.g., when I remind people of our two weekly pickups, you see the recollection sweep across their face: "Oh, yeah... and you could put a sofa on the curb any week and they'd come fetch it (instead of on the two days per year, now)"

I suspect only laptops are targets. And, even those have low resale value (too common). Too easy to trace (serial numbers).

I avoided the insurance company -- and learned something in the process!

I called a glass company to get a price on replacing the window. They were very concerned as to whether or not I had "glass coverage": "How the hell do I know? I just want the window fixed so I can use the HEAT in the car without it all going out the window!!" They refused to give me a price -- insisting they needed to know this.

Exasperated, I finally said, "So, the price is DIFFERENT (for the same product/service) depending on whether or not I have insurance?"

She replied, "Yes". I was young enough that this actually surprised me!

"Then, which is cheaper: with insurance or without?"

"Without"

"Then, I have no insurance. How much will it cost and how long will it take?"

I have since been amused by the advertisements for windshield replacements (glass companies) that offer a free trip (or whatever) IF YOU HAVE GLASS COVERAGE! And people wonder why insurance is so expensive...

Reply to
Don Y

Yes, I did mean the "driver" door was unlocked. They broke the glass on the passenger door.

We've always locked our doors, but for some reason she didn't do it that night. That was 25+ years ago, so I don't remember the details now. :)

We lived in an apartment near the railroad tracks and a metal recycler. The sound of breaking glass was a daily occurrence. :)

Considering the neighborhood we lived in, I always used a locking gas cap on my car too. The darn thieves just climbed under the car and cut my fuel line to steal my gas. So I was out the gas AND had the expense and hassle of replacing the fuel line. Since then I've just used a normal gas cap. If they need the gas that bad, just take it and don't make more work for me.

The rent was cheap, but I sure don't miss that neighborhood... :)

Anthony Watson


Reply to
HerHusband

I still keep things like our old electric bills, because it's interesting to look back and see how our electric usage has changed over the years.

Garbage, checking statements, accounts we no longer have, etc. usually get deleted after several years.

I've always hung on to debit and checking receipts for 5-7 years too, even though I have NEVER needed to refer back to them. Don't know why, old habits die hard I guess.

We're on a private well and septic system.

We were a lot younger back then and paid for full coverage on both of our cars, including glass coverage. It kind of made sense as I spent a lot of time on the road driving for work. Over the years I had several cracked windshields and broken headlights that were replaced for "free". Obviously, I paid for them many times over with my insurance payments, but I was young and dumb.

One upside to her car break-in, the insurance paid for a better stereo than she previously had in the car. :)

For the last 20+ years we've just had liability insurance on the cars. Full coverage doesn't make sense when the car is only worth $500-1000.

Car insurance is one of my pet peeves...

I think the whole system of having to pay for the OTHER guy is crazy. I drive an inexpensive Volkswagen, but I still have to pay insurance rates based on the rich folks who choose to drive expensive BMW or Mercedes vehicles.

People love to play the blame game. It was HIS fault, HE should pay. Who cares, the car needs to be fixed either way. Not to mention, even though insurance is required by law, I have to pay additional insurance for uninsured drivers. The whole system is nuts. I've been driving for 36 years and paying insurance the whole time. While several drivers have crashed into me, I have never been the cause of an accident.

I pay insurance for the other guy's vehicle, and I pay insurance for the "uninsured" vehicles. Then I pay more insurance in case the other guy is injured. Despite all these payments, I get nothing if my car is damaged. Yeah, the other guy's insurance should pay for my car if he causes the accident, but then there's the whole uninsured driver thing again.

Accidents are traumatic anyway. I just want my car fixed (or replaced) and my medical bills paid if I'm injured. I don't care who was at fault. I think each person should insure their own vehicle. If you get in a wreck and don't have insurance, you're just out of luck.

Anthony Watson


Reply to
HerHusband

I suspect the issue boils down to (for me):

- I'm not going to save a helluvalot of space by deleting them;

- once gone, the information contained in them is virtually impossible to recover

I save information on past projects that I declined to bid on for similar reasons.

My sibling and I got into a heated argument -- she denying the numerous (unrepaid) loans I'd extended to her over the years. I sent her photocopies of the canceled checks (with no cover letter) to illustrate the point -- and the amounts! :-/

We've made a couple of claims, over the years. Someone backed into SWMBO in a parking lot ~18 years ago. We took the cash and applied it to a new car (we were just getting ready to make that purchase, anyway).

A year or two her vehicle was vandalized at the local park. Again, we took the cash, I repaired the car and we applied the monies to her newest vehicle.

Of course, you never come out ahead. OTOH, you hope you are protecting against the catastrophic loss that could occur at any time.

We have our own coverage; plus coverage for uninsured motorists; plus coverage for UNDER insured motorists.

Our proximity to MX means it is quite possible that the other party may "skip town" (esp if at fault and "without papers"). As it takes very little, nowadays, to incur thousands of dollars of damage (assuming no personal injury), it makes some sense.

The "no fault" trend.

Reply to
Don Y

[snip]

Oh, Anthony, you just have to love ACA/ObamaCare then, I'll bet.

Now that "If you like your insurance, you can keep it" has morphed into "If you like your insurance, you can get it back, but it will cost you more!" it's just another hope and promise that is dashed on the shores of reality by Captain O

Reply to
Unquestionably Confused

Decrypt it using the password you've selected, yes. That doesn't mean that someone would have to go that route to crack the cypher though. It depends on the cypher and how it was implemented.

Yes, if one were to rely on brute forcing methods only. With that said however, as I wrote above, if there's a weakness in the cyphering algorithm, the time required to gain unauthorized access to your encrypted data may be far less.

OTW, you cannot rely on the example you provided to ensure security, as it doesn't on its own.

Reply to
Diesel

Was it an intelligence test? rofl

Reply to
Diesel

Rot13 has been used on online forums and usenet for years to hide spoilers, demonstrate extremely 'weak' crypto, etc. It's like the answers to the crossword puzzle being printed upside down somewhere else on the page. It wasn't ever a UN*X only thing. Rot13 is a Caesar cipher that, because of the specific shift number, is self-inverting. I.e.: the same process used with no changes required will also decrypt encrypted material.

I'm not entirely sure what you mean by apparent distribution of symbols. Do you mean you haven't seen/heard of any which (for example) have the word frog to encrypt and begin writing the encrypted data, say, in reverse? Or do you mean that the encrypted message doesn't look like total garbage and things seem like you could determine what they represent? I.e.: you see a pattern. One or more symbols that may represent common letters?

If the latter, the Vigenere table does a very good job of eliminating patterns if used with a proper key. The issue only comes up if you're using a bad key. And by bad, one that's shorter than the message being encrypted by it and it doesn't consist of random characters. Instead, it's actually a word or a series of them, grouped together. This will certainly cause issue with the encryption process in so far as weakness to patterns, freq based attacks; including those discovered by Kerckhoffs, Friedman, and Kasiski.

Now, concerning the Caesar shift cipher... You don't need a significantly long message to crack a Caesar shift cipher. A short sentence is often enough. And, if you know how a single letter should be deciphered, you then also know the shift amount (which is the real key to that cipher) and can decrypt the rest of the message with ease.

In other words, it looks like this (shift 5):

Plain  - ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher - EFGHIJKLMNOPQRSTUVWXYZABCD

More about the Vigenere cipher:


An example of semi best practice encryption using the default offset style Vigenere cipher:

NonEncrypted Text Src: DWENLARLOVESYOU

Encrypted text result: NNOQQGRYEPHZEEC

Key used: krkdfganqudhgqituxnvbzmnajdigfug

The above short message is likely not 'crackable' using any of the attack methods known for the cipher. The key is random and is longer than the message to be encrypted. Despite this, the key, imho, could be made stronger by using more letters and/or reducing the unintended frequency of certain repeats too often. For the purposes of this though, it's solid enough.

Although this is still using the original Vigenere cipher and not a scrambled version (more on that below) due to details concerning the key covered above, the encrypted material is immune to the attacks created/devised by Friedman, Kasiski, and Kerckhoffs. Kerckhoffs had another trick up his sleeve so if you want to ensure you stop his attacks dead in their tracks, use the same principles as described above, but, use a scrambled version of the cipher instead.

A scrambled Vigenere cipher doesn't use shifting as the original does. Instead, each one of the 26 lines containing the alphabet has them in a preferably completely random order. The idea is to stop the shifting, as that makes the cipher potentially vulnerable to an attack devised by Kerckhoffs.

The Friedman, Kasiski, and Kerckhoffs tests can't reliably be used for attack vectors when using the cipher modified as described above with a good key! As they rely on frequency analysis, poorly chosen keys, and stacked Caesar cipher shifting.

Reply to
Diesel
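The ciphers discussed in the post above, worked through in code as an added illustration (this is not the poster's code). It reproduces the post's own Vigenere example (DWENLARLOVESYOU under the key krkdfganqudhgqituxnvbzmnajdigfug gives NNOQQGRYEPHZEEC), implements the Caesar shift and the "scrambled rows" variant, checks the two key properties the post asks for, and shows why a short repeating key leaves repeated ciphertext fragments. The scrambled table is built from a seeded RNG purely for reproducibility, and the short-key message ATTACKATDAWNATTACK with key KEY is a constructed example.

```python
import random
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` positions; shift 13 (rot13) undoes itself."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] for c in text.upper())


def caesar_shift_from_known_letter(plain: str, cipher: str) -> int:
    """One known plaintext/ciphertext letter pair reveals the whole Caesar key."""
    return (ALPHABET.index(cipher) - ALPHABET.index(plain)) % 26


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Classic shift-based Vigenere: letter i is Caesar-shifted by key[i mod len(key)]."""
    out = []
    for i, c in enumerate(text.upper()):
        k = ALPHABET.index(key.upper()[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(c) + (-k if decrypt else k)) % 26])
    return "".join(out)


def scrambled_table(seed: int) -> list[str]:
    """26 independently shuffled alphabets (the 'scrambled' table from the post).
    The seeded RNG is an assumption made only so the example is reproducible."""
    rng = random.Random(seed)
    rows = []
    for _ in range(26):
        row = list(ALPHABET)
        rng.shuffle(row)
        rows.append("".join(row))
    return rows


def scrambled_vigenere(text: str, key: str, table: list[str], decrypt: bool = False) -> str:
    """Like vigenere(), but the key letter selects a shuffled row instead of a shift."""
    out = []
    for i, c in enumerate(text.upper()):
        row = table[ALPHABET.index(key.upper()[i % len(key)])]
        out.append(ALPHABET[row.index(c)] if decrypt else row[ALPHABET.index(c)])
    return "".join(out)


def key_report(message: str, key: str) -> dict:
    """The two key properties the post insists on: at least as long as the message
    (so it never repeats) and no letter repeated conspicuously often."""
    letter, n = Counter(key.upper()).most_common(1)[0]
    return {"long_enough": len(key) >= len(message), "most_common": (letter, n)}


def repeated_trigrams(ciphertext: str) -> dict[str, list[int]]:
    """Positions of every trigram that occurs more than once. With a short repeating
    key, repeated plaintext landing on the same key offset produces identical
    ciphertext; a long random key leaves nothing to find."""
    seen: dict[str, list[int]] = {}
    for i in range(len(ciphertext) - 2):
        seen.setdefault(ciphertext[i:i + 3], []).append(i)
    return {t: p for t, p in seen.items() if len(p) > 1}


# Worked values taken from the post
PLAINTEXT = "DWENLARLOVESYOU"
KEY = "krkdfganqudhgqituxnvbzmnajdigfug"

if __name__ == "__main__":
    ct = vigenere(PLAINTEXT, KEY)
    print(ct, vigenere(ct, KEY, decrypt=True))
    print(key_report(PLAINTEXT, KEY))
    print(repeated_trigrams(ct))                                    # long random key: {}
    print(repeated_trigrams(vigenere("ATTACKATDAWNATTACK", "KEY")))  # constructed short-key case
```

The repeated-trigram check is the defender's side of the Kasiski observation the post names: if your own ciphertext shows repeats at distances that share a common factor, the key is too short and is repeating.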

Although it's not the world's greatest password, it does put an end to most dictionary only style attacks.

Reply to
Diesel
