Vancouver Off-Topic / Current Events The off-topic forum for Vancouver, funnies, non-auto centered discussions, WORK SAFE. While the rules are more relaxed here, there are still rules. Please refer to sticky thread in this forum. |  | |
04-12-2014, 03:36 AM
|
#26 | Hacked RS to become a mod
Join Date: Feb 2002 Location: Sunny Hong Kong
Posts: 54,437
Thanked 25,328 Times in 8,862 Posts
Failed 1,559 Times in 707 Posts
| Quote:
Originally Posted by tiger_handheld What I dont comprehend is why the CRA trusts open source security while the largest bank in Canada does their own dev for security.
#mindblasted | In most cases, open source is more secure. This very same bug could have existed in any proprietary system. Usually when exploits are found in open source, they get pointed out and fixed. With proprietary, unless the developers themselves find the holes, who knows what happens before (or if) they get fixed.
Also banks are notoriously lazy with updating their software. Most banks use a proprietary system with known exploits, just because they don't keep it updated. If they used OpenSSL, it would be updated by the community all the time. Bugs do happen, but they get fixed too.
|
| |
04-12-2014, 06:51 PM
|
#27 | 14 dolla balla aint got nothing on me!
Join Date: Apr 2004 Location: Vancouver
Posts: 688
Thanked 1,286 Times in 133 Posts
Failed 258 Times in 30 Posts
| Quote:
Originally Posted by SkinnyPupp Use this as a reminder to use 2 factor authentication whenever you can, and use a password manager. I already use 2FA for everything but am still researching password managers. Thinking of using Lastpass for $12 a year. Would like to use an open source if possible though
If you were wondering if RS is affected, it's not since we don't use SSL anyway. On low-risk sites like this (forums, blogs, etc) you should NOT be using the same password you'd use on a high risk site (banks, email, etc) | I'm using lastpass, in addition with yubikey. Works great saves you time from having to type in the username/password.
|
| |
04-12-2014, 10:11 PM
|
#28 | Need my Daily Fix of RS
Join Date: Jan 2011 Location: Vancouver
Posts: 295
Thanked 199 Times in 87 Posts
Failed 36 Times in 9 Posts
| Quote:
Originally Posted by underscore But if you lose the keychain or your master password is compromised you're fucked. I have unique passwords for a few important things and one generic one for shit I don't really care about. | The keychain isn't strictly necessary. So long as the computer I'm using has internet access, I can access my database (since it's hosted on dropbox) and just re-download Keepass to use the database if i REALLY need to. If the master password is compromised, yeah, I'm hooped, which is why it's a damn good one. The upside to that is that you only need the one really good password. Easier than remembering 20 different passwords that are all variations of the same thing.
|
| |
05-24-2014, 04:41 PM
|
#29 | Hacked RS to become a mod
Join Date: Feb 2002 Location: Sunny Hong Kong
Posts: 54,437
Thanked 25,328 Times in 8,862 Posts
Failed 1,559 Times in 707 Posts
|
I finally got around to using a password manager. Another site lost their emails and passwords (Ebay). If you are not using one yet, NOW is the time to do so. If you're using simple passwords and the same one on a few sites, it's pretty much just a matter of time before someone gets them.
I went with Dashlane after looking into several options. It seems to be the most compatible, and most reliable. As soon as a good one that combines bitcoin comes along I'll probably switch, but for not this will do
If you're interested, feel free to use my referral code and we will both get 6 months free: https://www.dashlane.com/en/cs/3bb9491e |
| |
05-27-2014, 08:30 AM
|
#30 | To me, there is the Internet and there is RS
Join Date: Apr 2007 Location: Okanagan
Posts: 17,306
Thanked 10,085 Times in 4,396 Posts
Failed 435 Times in 233 Posts
|
What happens if someone gets the password manager info then?
__________________ 1991 Toyota Celica GTFour RC // 2007 Toyota Rav4 V6 // 2000 Jeep Grand Cherokee
1992 Toyota Celica GT-S ["sold"] \\ 2007 Jeep Grand Cherokee CRD [sold] \\ 2000 Jeep Cherokee [sold] \\ 1997 Honda Prelude [sold] \\ 1992 Jeep YJ [sold/crashed] \\ 1987 Mazda RX-7 [sold] \\ 1987 Toyota Celica GT-S [crushed] Quote:
Originally Posted by maksimizer half those dudes are hotter than ,my GF. | Quote:
Originally Posted by RevYouUp reading this thread is like waiting for goku to charge up a spirit bomb in dragon ball z | Quote:
Originally Posted by Good_KarMa OH thank god. I thought u had sex with my wife. :cry: | |
| |
05-27-2014, 08:39 AM
|
#31 | Hacked RS to become a mod
Join Date: Feb 2002 Location: Sunny Hong Kong
Posts: 54,437
Thanked 25,328 Times in 8,862 Posts
Failed 1,559 Times in 707 Posts
|
I'd take that chance (which is next to nil, unless you tell someone or have a keylogger) over the alternative (if you use a similar password on more than one site, someone has all your passwords)
|
| |
05-27-2014, 08:44 AM
|
#32 | Rs has made me the woman i am today!
Join Date: Jun 2006 Location: Burnaby
Posts: 4,074
Thanked 6,802 Times in 1,659 Posts
Failed 213 Times in 86 Posts
|
Hmm, I do that lol.
So this software, I guess the point is to completely randomize all your password, and the software keeps track for you?
What happens on the occasion that you want to log into a website, on a computer you don't normally use?
|
| |
05-27-2014, 08:49 AM
|
#33 | 2x Variable Nockenwellen Steuerung
Join Date: Oct 2002 Location: N49.2 W122.1
Posts: 6,176
Thanked 1,174 Times in 704 Posts
Failed 67 Times in 51 Posts
|
Ideally the data is encrypted. It still take a while to be able to decrypt Blowfish 512.. However if they can get it from your own computer, that means your computer / phone are hooped. So to be extra safe use a password manager that would do 2 factor encryption. Quote:
Originally Posted by underscore What happens if someone gets the password manager info then? |
Last edited by godwin; 05-27-2014 at 08:55 AM.
|
| |
05-27-2014, 08:53 AM
|
#34 | Hacked RS to become a mod
Join Date: Feb 2002 Location: Sunny Hong Kong
Posts: 54,437
Thanked 25,328 Times in 8,862 Posts
Failed 1,559 Times in 707 Posts
| Quote:
Originally Posted by inv4zn Hmm, I do that lol.
So this software, I guess the point is to completely randomize all your password, and the software keeps track for you?
What happens on the occasion that you want to log into a website, on a computer you don't normally use? | In this case, the idea is that you always have your phone with you. It syncs all password on your mobile devices, so as long as you have your phone, you have all your passwords.
Presumably you are using two factor authentication for the important sites too, so you'd need your phone with you in that case anyway.
You have to assume that someone has at least ONE of your passwords, it's just a matter of time until they come across your name, and it's time for your passwords to be cracked. And if you use the same word in more than one password, it's MUCH easier to crack the rest.
|
| |
05-27-2014, 09:12 AM
|
#35 | Rs has made me the woman i am today!
Join Date: Jun 2006 Location: Burnaby
Posts: 4,074
Thanked 6,802 Times in 1,659 Posts
Failed 213 Times in 86 Posts
|
Hmm, will look into this.
Thanks.
Dashlane vs FastPass?
|
| |
05-27-2014, 02:15 PM
|
#36 | To me, there is the Internet and there is RS
Join Date: Apr 2007 Location: Okanagan
Posts: 17,306
Thanked 10,085 Times in 4,396 Posts
Failed 435 Times in 233 Posts
|
Interesting. My problem is I don't trust phones since they're so easy to break and I don't trust external services.
__________________ 1991 Toyota Celica GTFour RC // 2007 Toyota Rav4 V6 // 2000 Jeep Grand Cherokee
1992 Toyota Celica GT-S ["sold"] \\ 2007 Jeep Grand Cherokee CRD [sold] \\ 2000 Jeep Cherokee [sold] \\ 1997 Honda Prelude [sold] \\ 1992 Jeep YJ [sold/crashed] \\ 1987 Mazda RX-7 [sold] \\ 1987 Toyota Celica GT-S [crushed] Quote:
Originally Posted by maksimizer half those dudes are hotter than ,my GF. | Quote:
Originally Posted by RevYouUp reading this thread is like waiting for goku to charge up a spirit bomb in dragon ball z | Quote:
Originally Posted by Good_KarMa OH thank god. I thought u had sex with my wife. :cry: | |
| |
05-27-2014, 04:16 PM
|
#37 | Banned (ABWS)
Join Date: Nov 2013 Location: van
Posts: 67
Thanked 29 Times in 17 Posts
Failed 48 Times in 12 Posts
|
pen and paper for you technosavant. hack that!
|
| |
05-27-2014, 05:12 PM
|
#38 | Hacked RS to become a mod
Join Date: Feb 2002 Location: Sunny Hong Kong
Posts: 54,437
Thanked 25,328 Times in 8,862 Posts
Failed 1,559 Times in 707 Posts
| Quote:
Originally Posted by underscore Interesting. My problem is I don't trust phones since they're so easy to break and I don't trust external services. | No need to trust the service, they don't have a record of your password. The only record of it is in your head. So if someone got your phone and/or the data, they can't do anything with it unless they have the password
|
| |
05-27-2014, 07:48 PM
|
#39 | To me, there is the Internet and there is RS
Join Date: Apr 2007 Location: Okanagan
Posts: 17,306
Thanked 10,085 Times in 4,396 Posts
Failed 435 Times in 233 Posts
|
Wait, what? I must be missing something here, does the password manager service not hold all your other passwords?
__________________ 1991 Toyota Celica GTFour RC // 2007 Toyota Rav4 V6 // 2000 Jeep Grand Cherokee
1992 Toyota Celica GT-S ["sold"] \\ 2007 Jeep Grand Cherokee CRD [sold] \\ 2000 Jeep Cherokee [sold] \\ 1997 Honda Prelude [sold] \\ 1992 Jeep YJ [sold/crashed] \\ 1987 Mazda RX-7 [sold] \\ 1987 Toyota Celica GT-S [crushed] Quote:
Originally Posted by maksimizer half those dudes are hotter than ,my GF. | Quote:
Originally Posted by RevYouUp reading this thread is like waiting for goku to charge up a spirit bomb in dragon ball z | Quote:
Originally Posted by Good_KarMa OH thank god. I thought u had sex with my wife. :cry: | |
| |
05-27-2014, 08:29 PM
|
#40 | Hacked RS to become a mod
Join Date: Feb 2002 Location: Sunny Hong Kong
Posts: 54,437
Thanked 25,328 Times in 8,862 Posts
Failed 1,559 Times in 707 Posts
| Quote:
Originally Posted by underscore Wait, what? I must be missing something here, does the password manager service not hold all your other passwords? | It holds them in an AES 256 bit encrypted file which is impossible* to crack with a strong key. They don't hold the key itself though, you do. So unless you give up that key, the file is safe. *nothing is literally impossible but it is effectively impossible until quantum computing hits it big I guess
There's a good post about it here. They use 128 bit as an example, and using a 10.51 Pentaflop supercomputer, it would take 1 billion billion years. If I'm correct, that looks like this: 1,000,000,000,000,000,000 years. The universe itself is 13,750,000,000 old.
Another good example from that page. If everyone in the world had 10 supercomputers that are faster than any computer anyone can possibly have, and they spent 24 hours a day cracking one key with those 70 billion supercomputers, it would take about 77,000,000,000,000,000,000,000,000 years to crack that one key.
Again, these examples are for 128 bit. 256 bit would be about 9 times more... so 9 billion billion years |
| |
05-30-2014, 08:54 AM
|
#41 | To me, there is the Internet and there is RS
Join Date: Apr 2007 Location: Okanagan
Posts: 17,306
Thanked 10,085 Times in 4,396 Posts
Failed 435 Times in 233 Posts
|
Right, but if your key is compromised then the level of encryption becomes moot.
I've had to look into the pains of brute forcing your way through encryption recently when a PC was hit with CryptoLocker, ransomware that encrypts your files and demands $500 for the key. The complexity of getting through is certainly interesting.
__________________ 1991 Toyota Celica GTFour RC // 2007 Toyota Rav4 V6 // 2000 Jeep Grand Cherokee
1992 Toyota Celica GT-S ["sold"] \\ 2007 Jeep Grand Cherokee CRD [sold] \\ 2000 Jeep Cherokee [sold] \\ 1997 Honda Prelude [sold] \\ 1992 Jeep YJ [sold/crashed] \\ 1987 Mazda RX-7 [sold] \\ 1987 Toyota Celica GT-S [crushed] Quote:
Originally Posted by maksimizer half those dudes are hotter than ,my GF. | Quote:
Originally Posted by RevYouUp reading this thread is like waiting for goku to charge up a spirit bomb in dragon ball z | Quote:
Originally Posted by Good_KarMa OH thank god. I thought u had sex with my wife. :cry: | |
| |  | |
Posting Rules
| You may not post new threads You may not post replies You may not post attachments You may not edit your posts HTML code is Off | | | All times are GMT -8. The time now is 02:22 PM. |