Old 03-15-2016, 03:25 PM
 
Location: Mayacama Mtns in CA
14,523 posts, read 7,680,940 times
Reputation: 11322

Quote:
Originally Posted by Peregrine View Post
<snip>

What else ya' got?
It's my understanding that Keepass stores everything on their server. True, it is encrypted, but seemingly the government could prevail and force them to unencrypt, presumably even a master password, thereby the client would lose his privacy. Isn't there also the possibility of their server being hacked?

In 1Password, however, nothing is stored on their server. 1Password and all your information lives in your computer and/or devices. YOU are the only one knowing and controlling your master password; if you forget it, 1Password can't help you, because they don't have access to it at all, even in an encrypted form.

Furthermore, 1Password is a privately owned Canadian company, and as such could hardly be prevailed upon to comply with US laws. At least this is my understanding.

These are things I've come to know and understand by reading their Forum.

As you probably know, I don't have formal education in IT, but again, that's why I also read this particular forum, as well. Always trying to learn more.
It was my business & legal advisor who has serious chops in computer technology who introduced me to 1Password several years ago, and I'm so glad he did.

 
Old 03-16-2016, 01:45 AM
 
Location: Honolulu
1,180 posts, read 1,556,576 times
Reputation: 2878
Quote:
Originally Posted by Macrina View Post
It's my understanding that Keepass stores everything on their server. True, it is encrypted, but seemingly the government could prevail and force them to unencrypt, presumably even a master password, thereby the client would lose his privacy. Isn't there also the possibility of their server being hacked?
Actually I've read that Keepass stores your database on your local computer and you can back it up to a USB. That's what another poster here said and that's what I've read when reading reviews of Keepass.
 
Old 03-16-2016, 02:45 AM
 
Location: Mayacama Mtns in CA
14,523 posts, read 7,680,940 times
Reputation: 11322
Quote:
Originally Posted by WannabeCPA View Post
Actually I've read that Keepass stores your database on your local computer and you can back it up to a USB. That's what another poster here said and that's what I've read when reading reviews of Keepass.
I'd read that one can download it, but I understood that it also has each person's database on their server. Isn't this how the data gets synced to one's other devices? I'll try to find where I'd read that, and get back to you. I'll certainly correct myself if I find I've made a mistake here.
 
Old 03-16-2016, 08:32 AM
 
Location: Cleveland, Ohio
11,853 posts, read 13,978,818 times
Reputation: 8083
I don't know where you're getting that, Macrina.

Keepass doesn't HAVE a server that you could even store your DB on even if you wanted to. It's your responsibility to keep it somewhere safe. It's also totally open source meaning anyone can download the code and if you understand all that programming nonsense (I do not, I hate programming) you could actually verify the encryption. Same thing: forget your password and no one can help you. You could make changes to the code and release your own (free) product. And many of us geeks absolutely love to support open source.

"As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security (like 1Password). It's true for cryptographic algorithms, security protocols, and security source code. For us, open source isn't just a business model; it's smart engineering practice."

As I said: I could post my DB file here on this website and have no fear that anyone could crack it.

I'm glad you like the product you paid for. That's great. But Keepass is absolutely as good, and better if you ask me...because it's FREE. (And the phone app is AWESOME).

Here's the Android app:
https://play.google.com/store/apps/d...eepass2android
 
Old 03-16-2016, 12:07 PM
 
Location: Mayacama Mtns in CA
14,523 posts, read 7,680,940 times
Reputation: 11322
Peregrine wrote:
Quote:
"As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security (like 1Password). It's true for cryptographic algorithms, security protocols, and security source code. For us, open source isn't just a business model; it's smart engineering practice."
Will you tell us whom you have quoted?

Anyway, we can just agree to disagree. Thank you for keeping a restful tone in this discussion. I'll look tomorrow for the source of the content I had mentioned.
 
Old 03-16-2016, 01:07 PM
 
1,294 posts, read 630,977 times
Reputation: 587
Quote:
Originally Posted by Macrina View Post
Peregrine wrote:


Will you tell us whom you have quoted?

Anyway, we can just agree to disagree. Thank you for keeping a restful tone in this discussion. I'll look tomorrow for the source of the content I had mentioned.
Bruce Schneier

I want to add to what Peregrine said by including that the reason that open source can generally offer better security is because there are many eyes from many angles viewing the code in a deliberate attempt to find security flaws.
 
Old 03-16-2016, 01:39 PM
 
Location: Texas Hill Country
10,567 posts, read 5,816,368 times
Reputation: 8792
Quote:
Originally Posted by WannabeCPA View Post
.....How are your passwords usually stored? On a server where if a hacker gained access he could compromise your passwords? Anyone have any advice? I've been wanting to do this a long time as I know I'm taking a risk having all my passwords on that one piece of paper.
In my pretty little head and if not there, then in my diary.

The catch is, even if they are in my diary, they are in an abstract code that will trip my memory but they are never written down directly.

So say there's a picture of Paula Cole? Then the password was "WhereHaveAllTheCowboysGone".

Occasionally, it can get very complex in that there is some picture file, with say 7-10 pictures in it, and only one of those pictures is about the password.......all the others are decoys.

Finally, when it comes to numbers, I vary how I code those. Most people see the number world as floating point but when I am using numbers for codes, I use integers with floor or ceiling functions. Say I want to code March 16th as part of a password made on this day. Seeing that date as floating point, it's something like 3.16 (let's just say it is), but seeing it as an integer with floor function, it becomes 3 and with ceiling function, it becomes 4. I go one step forward. I may use the same simple password over and over again......but I change its numbering system. Say I was using Debb14 as a password. Okay, this month it is Debb14 but next month it's 14151111D....in HEX.
 
Old 03-17-2016, 02:50 AM
 
Location: Honolulu
1,180 posts, read 1,556,576 times
Reputation: 2878
Quote:
Originally Posted by TamaraSavannah View Post
In my pretty little head and if not there, then in my diary.

The catch is, even if they are in my diary, they are in an abstract code that will trip my memory but they are never written down directly.

So say there's a picture of Paula Cole? Then the password was "WhereHaveAllTheCowboysGone".

Occasionally, it can get very complex in that there is some picture file, with say 7-10 pictures in it, and only one of those pictures is about the password.......all the others are decoys.

Finally, when it comes to numbers, I vary how I code those. Most people see the number world as floating point but when I am using numbers for codes, I use integers with floor or ceiling functions. Say I want to code March 16th as part of a password made on this day. Seeing that date as floating point, it's something like 3.16 (let's just say it is), but seeing it as an integer with floor function, it becomes 3 and with ceiling function, it becomes 4. I go one step forward. I may use the same simple password over and over again......but I change its numbering system. Say I was using Debb14 as a password. Okay, this month it is Debb14 but next month it's 14151111D....in HEX.
I just talked to one of my friends who has a job as a network administrator (or something similar), and he said he keeps his passwords on a notepad stored on a USB, but like yourself, it isn't the actual passwords he writes down but hints, or maybe codes. I guess that's one way to do it if you're comfortable, but I think I'll try a password manager.
 
Old 03-17-2016, 10:55 AM
 
1,294 posts, read 630,977 times
Reputation: 587
Quote:
Originally Posted by WannabeCPA View Post
I just talked to one of my friends who has a job as a network administrator (or something similar), and he said he keeps his passwords on a notepad stored on a USB, but like yourself, it isn't the actual passwords he writes down but hints, or maybe codes. I guess that's one way to do it if you're comfortable, but I think I'll try a password manager.
Password managers or an encrypted file with a master password.
I've heard it suggested on Stack Exchange for enterprise password sharing: use a GitHub account and only give read access to people who should have access and do versioning on an encrypted text file with passwords.
The benefits of this would be:
- Historic records
- Every user needs essentially 2FA (a private key to decrypt the file + a password for that private key and a GitHub account with access to the file)
- ... There might be more.
 
Old 03-17-2016, 12:10 PM
 
Location: Cleveland, Ohio
11,853 posts, read 13,978,818 times
Reputation: 8083
Quote:
Originally Posted by Macrina View Post
Will you tell us whom you have quoted?
I got the quote from the Keepass website. As Skyl3r said, it is Bruce Schneier.

https://www.schneier.com/crypto-gram...rceandSecurity

To be clear, I added the 1Password part. That's why I made it red.