REVscene - Vancouver Automotive Forum


Old 04-12-2014, 04:36 AM   #26
Quote:
Originally Posted by tiger_handheld View Post
What I don't comprehend is why the CRA trusts open source security while the largest bank in Canada does their own dev for security.

#mindblasted
In most cases, open source is more secure. This very same bug could have existed in any proprietary system. Usually when exploits are found in open source, they get pointed out and fixed. With proprietary, unless the developers themselves find the holes, who knows what happens before (or if) they get fixed.

Also banks are notoriously lazy with updating their software. Most banks use a proprietary system with known exploits, just because they don't keep it updated. If they used OpenSSL, it would be updated by the community all the time. Bugs do happen, but they get fixed too.
SkinnyPupp is offline   Reply With Quote
Old 04-12-2014, 07:51 PM   #27
Quote:
Originally Posted by SkinnyPupp View Post
Use this as a reminder to use 2 factor authentication whenever you can, and use a password manager. I already use 2FA for everything but am still researching password managers. Thinking of using LastPass for $12 a year. Would like to use an open source one if possible though.

If you were wondering if RS is affected, it's not since we don't use SSL anyway. On low-risk sites like this (forums, blogs, etc) you should NOT be using the same password you'd use on a high risk site (banks, email, etc)
I'm using LastPass, in addition to a YubiKey. Works great, saves you time from having to type in the username/password.
K.Dubz is offline   Reply With Quote
Old 04-12-2014, 11:11 PM   #28
Quote:
Originally Posted by underscore View Post
But if you lose the keychain or your master password is compromised you're fucked. I have unique passwords for a few important things and one generic one for shit I don't really care about.
The keychain isn't strictly necessary. So long as the computer I'm using has internet access, I can access my database (since it's hosted on Dropbox) and just re-download KeePass to use the database if I REALLY need to. If the master password is compromised, yeah, I'm hooped, which is why it's a damn good one. The upside to that is that you only need the one really good password. Easier than remembering 20 different passwords that are all variations of the same thing.
Majestic12 is offline   Reply With Quote
Old 05-24-2014, 05:41 PM   #29
I finally got around to using a password manager. Another site lost their emails and passwords (eBay). If you are not using one yet, NOW is the time to do so. If you're using simple passwords and the same one on a few sites, it's pretty much just a matter of time before someone gets them.

I went with Dashlane after looking into several options. It seems to be the most compatible, and most reliable. As soon as a good one that combines bitcoin comes along I'll probably switch, but for now this will do.

If you're interested, feel free to use my referral code and we will both get 6 months free:

https://www.dashlane.com/en/cs/3bb9491e
SkinnyPupp is offline   Reply With Quote
Old 05-27-2014, 09:30 AM   #30
What happens if someone gets the password manager info then?
__________________
1992 Toyota Celica GT-S // 1991 Toyota Celica GTFour RC FOR SALE // 2007 Jeep Grand Cherokee CRD

Quote:
Originally Posted by maksimizer View Post
half those dudes are hotter than ,my GF.
Quote:
Originally Posted by RevYouUp View Post
reading this thread is like waiting for goku to charge up a spirit bomb in dragon ball z
Quote:
Originally Posted by Good_KarMa View Post
OH thank god. I thought u had sex with my wife. :cry:
underscore is online now   Reply With Quote
Old 05-27-2014, 09:39 AM   #31
I'd take that chance (which is next to nil, unless you tell someone or have a keylogger) over the alternative (if you use a similar password on more than one site, someone has all your passwords)
SkinnyPupp is offline   Reply With Quote
Old 05-27-2014, 09:44 AM   #32
Hmm, I do that lol.

So this software, I guess the point is to completely randomize all your passwords, and the software keeps track for you?

What happens on the occasion that you want to log into a website, on a computer you don't normally use?
inv4zn is online now   Reply With Quote
Old 05-27-2014, 09:49 AM   #33
Ideally the data is encrypted. It still takes a while to be able to decrypt Blowfish 512. However, if they can get it from your own computer, that means your computer / phone are hooped. So to be extra safe, use a password manager that would do 2 factor encryption.

Quote:
Originally Posted by underscore View Post
What happens if someone gets the password manager info then?

Last edited by godwin; 05-27-2014 at 09:55 AM.
godwin is offline   Reply With Quote
Old 05-27-2014, 09:53 AM   #34
Quote:
Originally Posted by inv4zn View Post
Hmm, I do that lol.

So this software, I guess the point is to completely randomize all your passwords, and the software keeps track for you?

What happens on the occasion that you want to log into a website, on a computer you don't normally use?
In this case, the idea is that you always have your phone with you. It syncs all passwords on your mobile devices, so as long as you have your phone, you have all your passwords.

Presumably you are using two factor authentication for the important sites too, so you'd need your phone with you in that case anyway.

You have to assume that someone has at least ONE of your passwords, it's just a matter of time until they come across your name, and it's time for your passwords to be cracked. And if you use the same word in more than one password, it's MUCH easier to crack the rest.
SkinnyPupp is offline   Reply With Quote
Old 05-27-2014, 10:12 AM   #35
Hmm, will look into this.
Thanks.

Dashlane vs FastPass?
inv4zn is online now   Reply With Quote
Old 05-27-2014, 03:15 PM   #36
Interesting. My problem is I don't trust phones since they're so easy to break and I don't trust external services.
underscore is online now   Reply With Quote
Old 05-27-2014, 05:16 PM   #37
pen and paper for you technosavant. hack that!
Nomomo is offline   Reply With Quote
Old 05-27-2014, 06:12 PM   #38
Quote:
Originally Posted by underscore View Post
Interesting. My problem is I don't trust phones since they're so easy to break and I don't trust external services.
No need to trust the service, they don't have a record of your password. The only record of it is in your head. So if someone got your phone and/or the data, they can't do anything with it unless they have the password
SkinnyPupp is offline   Reply With Quote
Old 05-27-2014, 08:48 PM   #39
Wait, what? I must be missing something here, does the password manager service not hold all your other passwords?
underscore is online now   Reply With Quote
Old 05-27-2014, 09:29 PM   #40
Quote:
Originally Posted by underscore View Post
Wait, what? I must be missing something here, does the password manager service not hold all your other passwords?
It holds them in an AES 256 bit encrypted file which is impossible* to crack with a strong key. They don't hold the key itself though, you do. So unless you give up that key, the file is safe.

*nothing is literally impossible but it is effectively impossible until quantum computing hits it big I guess

There's a good post about it here. They use 128 bit as an example, and using a 10.51 petaflop supercomputer, it would take 1 billion billion years. If I'm correct, that looks like this: 1,000,000,000,000,000,000 years. The universe itself is 13,750,000,000 years old.

Another good example from that page. If everyone in the world had 10 supercomputers that are faster than any computer anyone can possibly have, and they spent 24 hours a day cracking one key with those 70 billion supercomputers, it would take about 77,000,000,000,000,000,000,000,000 years to crack that one key.

Again, these examples are for 128 bit. 256 bit would be about 9 times more... so 9 billion billion years
SkinnyPupp is offline   Reply With Quote
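
The model described in post #40 above (the service stores only an AES-256 encrypted file, and the key comes from a master password only the user knows), as an added example that is not part of the thread and not any password manager's own code. It uses Node's built-in `crypto` module with scrypt key derivation and AES-256-GCM; the vault layout, function names and sample entries are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Derive a 256-bit key from the master password. scrypt is deliberately slow
// and memory-hard, so every guess at the master password costs real work.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32);
}

// Encrypt the vault on the user's device. Only this blob is synced to the
// service: salt, nonce, auth tag and ciphertext. The key is never stored.
function sealVault(entries, masterPassword) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
    ct: ct.toString('hex'),
  };
}

// Decrypt with a candidate master password. GCM authenticates the data, so a
// wrong password (or a tampered blob) throws instead of returning garbage.
function openVault(blob, masterPassword) {
  const key = deriveKey(masterPassword, Buffer.from(blob.salt, 'hex'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(blob.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(blob.tag, 'hex'));
  const pt = Buffer.concat([decipher.update(Buffer.from(blob.ct, 'hex')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Returns null instead of throwing, for callers that only need success/failure.
function tryOpen(blob, masterPassword) {
  try { return openVault(blob, masterPassword); } catch (e) { return null; }
}

// Constructed sample data, not real credentials.
const entries = { 'bank.example': 'kV9!rT2#qLx8', 'forum.example': 'Zp4$wN7@hB1c' };
const stored = sealVault(entries, 'correct horse battery staple');

console.log(Object.keys(stored));                              // what the service holds
console.log(tryOpen(stored, 'password123'));                   // null: wrong master password
console.log(tryOpen(stored, 'correct horse battery staple'));  // the entries
```

Anyone who supplies the right master password gets the entries back, so the strength of the whole scheme rests on that password and on the device where it is typed, not only on the cipher's key size.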
Old 05-30-2014, 09:54 AM   #41
Right, but if your key is compromised then the level of encryption becomes moot.

I've had to look into the pains of brute forcing your way through encryption recently when a PC was hit with CryptoLocker, ransomware that encrypts your files and demands $500 for the key. The complexity of getting through is certainly interesting.
underscore is online now   Reply With Quote
All times are GMT -8. The time now is 10:06 AM.

