/t/ - Technology

Discussion of Technology


(127.77 KB 1200x1200 1200px-KeePass_icon.svg.png)

Password Managers Anonymous 06/01/2021 (Tue) 17:14:56 No. 4278
Ok it's time to get a password manager. It has to be open source, free and without any cloud crap because I trust nobody. Which PM do you anons use? Which KeepAss is better? There's the OG, X and XC now. Is there any way to extend my PM to android manually without any company getting their hands on my database? Let's discuss.
Use pass. https://www.passwordstore.org/ It's a password manager, it does one thing and one thing only: manage passwords. Want a GUI? Use a separate program. Want browser integration? Use a browser plugin. Want a searchable menu that lets you copy and paste a password into any prompt? Get dmenu or rofi and glue something together in a shell script. There is a nice selection of stuff built on top of pass on the website. The cool part is that since pass does only one thing it's much easier to reason about it. And since anything beyond just managing passwords sits atop of pass instead of being built in, it's much easier to swap out those things.
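The post above suggests gluing dmenu or rofi to pass with a shell script; what follows is an added example of such a script, not part of the original post and not code from the pass project. It assumes pass's default store layout (`*.gpg` files under `~/.password-store`); `PASS_MENU` and the function names are made up for this example, and the menu's answer is checked against the store listing before it is handed to pass.

```sh
#!/bin/sh
# Added example: menu front-end for pass (https://www.passwordstore.org/).
# Assumption: entries are *.gpg files under the store directory.
# PASS_MENU and the function names are hypothetical, chosen for this example.

store="${PASSWORD_STORE_DIR:-$HOME/.password-store}"

# Print one entry name per line, relative to the store, without ".gpg".
# The store's own .git directory is skipped.
list_entries() {
    (
        cd "$1" 2>/dev/null || exit 1
        find . -type f -name '*.gpg' ! -path './.git/*' |
            sed -e 's|^\./||' -e 's|\.gpg$||' | sort
    )
}

# Succeed only if $2 is exactly one of the listed entries. dmenu prints
# whatever was typed when nothing matches, so free text, option-like
# strings and "../" paths must be rejected before they reach pass.
is_entry() {
    [ -n "$2" ] && list_entries "$1" | grep -Fxq -- "$2"
}

# Show the menu, validate the choice, let pass copy it to the clipboard.
# Only the entry name is passed around here; the secret itself never
# appears on a command line or on this script's stdout.
pick_and_copy() {
    # PASS_MENU is split on whitespace on purpose, e.g. PASS_MENU="rofi -dmenu"
    choice=$(list_entries "$store" | ${PASS_MENU:-dmenu -p pass}) || return 1
    if ! is_entry "$store" "$choice"; then
        echo "not a store entry: $choice" >&2
        return 1
    fi
    pass show -c "$choice"   # pass clears the clipboard again after a timeout
}

# Run as: sh passmenu.sh menu
if [ "${1:-}" = "menu" ]; then
    pick_and_copy
fi
```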
>>4283 This is what I use too. Desktop integration with rofi-pass is great, pass-otp manages OTP nicely, and the Password Store android app works great, too, and supports autofill in a lot of apps.
I still use kpcli. There's probably something better out there but I'm too lazy to switch at this point.
>>4283
>Use pass.
What benefits does it offer over KeePassXC?
>it does one thing and one thing only: manage passwords. Want a GUI? Use a separate program. Want browser integration? Use a browser plugin. Want a searchable menu that lets you copy and paste a password into any prompt? Get dmenu or rofi and glue something together in a shell script.
Those are all benefits for the software dev, not for the end user. Why would I want to manage all those extra programs? KeePassXC has a perfectly fine UI, and I don't care about browser integration or autocomplete or any of that other stuff
Use your head. Password Managers are bloat and a single failure point for security.
>>5658
You can do both, actually. It's called peppering. You use a password manager with long complicated randomly generated passwords, then you add something to the end of each of those passwords that only exists in your head. For example this could be your password for netflix.
>5n`<W'PyZ[;4o~=- n!etflix
And for 8moe
>Z:m("!~_DGTL2n=d 8!moe
Obviously if you were so inclined you could get more creative than peppering the password with just the name of the service, but it's a very good approach to secure passwords if you for whatever reason think that your password manager could get compromised. Which is kind of an outlandish scenario, but I can wholly understand and respect not wanting a single point of failure as you've pointed out. But simply remembering all your passwords is clearly not feasible. Remembering maybe 3 high entropy passwords is probably most people's limit.
>>5665 lol, i used to do this shit with my one-and-only-password-for-everything and called it a solution. but it never occurred to my nigger brain to do it to auto-generated passwords too, nice
I just use a bunch of files as passwords you just need to convert the byte stream to plaintext
>>5671 >pajeet linux
(566.22 KB 576x1024 ClipboardImage.png)

>>5671
>lua
#!/bin/bash
tr -cd '[:print:]' <"$1" | tail -c "${2:-32}"
usage:
$ get-bytes.sh "filename.jpg" 69 # 69 chars
also
>kali
>l33t h4x0r bash prompt
>gui file manager
lol picrel
>>5672
do pajeets main kali? it seems more like a 90's skiddies OS, considering parrotOS is the new hotness for haxoring into mainframes. when they're not busy telling us they use arch btw, that is
>>5674
>l33t
>doesn't even know basic security
shell commands are completely visible and cached, anyone can just run a debugger like strace and see your password long after you've called it
the point of using lua or any secondary interpreter is to prevent internals from being visible, lua is just more practical because it embeds natively in c where you can overwrite the memory address multiple times to make sure it's gone
>>5681
>shell commands are completely visible and cached
stdout isn't cached, just the fact that you invoked the script and the filename
>implying invoking a lua script on the command line is different than invoking other commands on the command line
nigger are you for real
>the point of using lua or any secondary interpreter is to prevent internals from being visible
>it embeds natively in c where you can overwrite the memory address multiple times to make sure its gone
do you even have confirmation that lua scrubs its memory before exiting? or are you just saying "C can do this"?
<tr and tail are fucking C programs
do you even know how to use a shell?
and let me guess, you fucking copy-paste your passwords into input fields, using your clipboard like a retard
goddamn, skiddie stereotype confirmed
>>5682
wow you are retarded the epitome of dunning kruger
1. the shell command is your fucking password, I just need a ram dump and the file to get your password if the password isn't already in the dump and not overwritten
2. I'm talking about c you fucking idiot, embedded lua has access to variables in c, giving lua a pointer and overwriting it after closing lua state means no trace of it exists anymore other than the address which is now guaranteed empty, I just changed the offset in the script which is what I use in c with a pointer, without the offset it's impossible to get the password EVEN if you have the lua script and filename and a ram dump
3. you are clearly mentally disabled and don't understand how a kernel works let alone what a ram dump looks like, dunning kruger is an overstatement for you
>>5682 >When you realize you were the skiddie this whole time
>>5682 >imagine literally being an actual skiddie and writing this This is like luke smith levels of cringe
>>5643
>this fag doesn't know about extensibility
Using a separate program for all of these things gives you more control and lets you better specify what you want your password manager to have as a function. Don't want password generation? Don't extend functionality to something that could do that.
<...and I don't care about browser integration or autocomplete or any of that other stuff
Again, just don't extend pass to those applications, then.
>>4278
Syncing your database with a home server that your devices' Keepass instances can access through the Internet should let you do this. I haven't done this myself, though, only through MEGA, and I don't know if that site is actually trustworthy. Better to learn how to set up your own server for this as you have full control.
I mentally encrypt my passwords from plain text to AES-256, then use invisible ink to write them down on a grain of rice. Then I take the rice and hide it under a loose floorboard in my bedroom. I did lose my passwords once to a hungry mouse, but other than that, I'm pretty happy with this arrangement.
>>5658 You should cipher your written passwords. If someone were to sneak into your home they could collect all of your passwords. In the event of a raid I am capable of destroying my written passwords, however in the event of a clandestine operation to access them, I am also protected somewhat. However if pictures of the ciphered keys were taken they could be deciphered.
>>5658
>implying head is not bloat
>implying head is not a single failure point
>implying head is secure
>never heard about meat / machine interpenetration
God damn it anon, just don't use passwords.

