[clug] Adobe Password Breach

Alex Satrapa grail at goldweb.com.au
Tue Nov 5 17:40:25 MST 2013


Since the NSA daemon was invoked previously in the thread, I’d suggest you really think hard about storing your list of all passwords on any hardware located in the USA, or accessed via a network that transits the USA or any territory the USA controls (e.g.: any country with US bases of any kind).

And of course remember to store your phone in a sound-insulated Faraday cage when you think it is switched off (e.g.: tin can in the freezer).

Alex

On 6 Nov 2013, at 10:04 , Hal Ashburner <hal at ashburner.info> wrote:

> Cool,
> Thanks Andrew, Craig, Sam, Ben, All.
> 
> 
> 
> On 6 November 2013 09:48, Andrew Janke <a.janke at gmail.com> wrote:
> 
>>> How do you back that up so if you lose your phone you're not stuffed when
>>> you need to do some banking in a hurry as your wallet was stolen too?
>> 
>> I store the (encrypted!) keepass file on owncloud. There are web
>> clients for keepassX somewhere but I don't use one. I know I can get my
>> password file onto something and get keepassx. Mind you I don't store
>> internet banking passwords anywhere except my frontal lobes.
>> 
>>> Or you want to change phones, or use a real computer because using the
>>> phone for much beyond casual browsing is a royal pain.
>> 
>> Owncloud + keepassx. Sync clients for just about anything imaginable.
>> If not, copy the text file.
>> 
>>> Can you dump the encrypted store and import into an equivalent program on
>>> your laptop?
>> 
>> Yes.
>> 
>>> Then what happens if you add one password to your phone and a
>>> different site and password to your laptop - are they smart enough not to
>>> clobber?
>> 
>> With Owncloud, password file just gets updated by datestamp. You could
>> invent a situation where the sync will clobber but it wouldn't be
>> normal usage. You can of course have multiple password databases if
>> you desire with differing levels of security.
>> 
>>> Can they cope with these moronic websites, like say, your bank that insist
>>> on "at least one number, one piece of punctuation but no more than 8
>>> characters" because they, um, why do they limit the size? Because they're
>>> not storing hashes but actually store the plaintext password on their
>>> database? Really? Or they just can't program?
>> 
>> Yes.  A zillion check boxes to generate passwords of varying flavours
>> for website requirements.
>> 
>>> Is it better than a master list created with a text editor on a remote box
>>> that you store gpg encrypted and can back up?
>> 
>> Probably not. The difference is you need a client for each of your
>> things you want to access this on. Keepassx is this client and it
>> exists.
>> 
>> 
>> a
>> --
>> linux mailing list
>> linux at lists.samba.org
>> https://lists.samba.org/mailman/listinfo/linux
>> 


