
Ichinin
Veteran

Joined: 3 Apr 2009
Gender: Male
Posts: 3,653
Location: A cold place with lots of blondes.

15 Dec 2018, 4:02 pm

kokopelli wrote:
Rainbow Tables may work against Windows computers, but they are useless against any reasonable password scheme.


The thing is, you are not representative of the security of the world. In general, IT-security sucks, people choose crap passwords and far from everyone uses salt when hashing - some don't even know about hashing and store passwords in plain text(!) because their PHP 5 coder/self-proclaimed security expert said it was a good idea. That is why pentesters are successful in retrieving like 80% of the passwords when they do their audit.

You can continue to list theoretical examples - that I agree with, but that does not change anything - many corporations still suck at security.

As for PW managers, try 1password. It's web-based so yeah, multiplatform.


_________________
"It is far better to grasp the Universe as it really is than to persist in delusion, however satisfying and reassuring" (Carl Sagan)


kokopelli
Veteran

Joined: 27 Nov 2017
Gender: Male
Posts: 3,634
Location: amid the sunlight and the dust and the wind

15 Dec 2018, 5:15 pm

Ichinin wrote:
kokopelli wrote:
Rainbow Tables may work against Windows computers, but they are useless against any reasonable password scheme.


The thing is, you are not representative of the security of the world. In general, IT-security sucks, people choose crap passwords and far from everyone uses salt when hashing - some don't even know about hashing and store passwords in plain text(!) because their PHP 5 coder/self-proclaimed security expert said it was a good idea. That is why pentesters are successful in retrieving like 80% of the passwords when they do their audit.

You can continue to list theoretical examples - that I agree with, but that does not change anything - many corporations still suck at security.

As for PW managers, try 1password. It's web-based so yeah, multiplatform.


Thanks. I'll look into that.

I have run across some that can be installed on a server and accessed from other computers, but haven't tried them.
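
An added example, not part of any post in this thread, illustrating the salting point discussed above: unsalted hashes of a common password match a table computed once in advance and are identical across users, while per-user salted PBKDF2 hashes do neither. The account names, passwords, wordlist and round count are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; alice and bob share a weak password.
USERS = {"alice": "summer2018", "bob": "summer2018", "carol": "x9!Lq#72vTz"}
COMMON = ["123456", "password", "qwerty", "summer2018"]  # constructed wordlist
ROUNDS = 100_000  # assumed work factor for this demo

def unsalted(pw):
    """Plain SHA-256 of the password: the same input always gives the same hash."""
    return hashlib.sha256(pw.encode()).hexdigest()

def salted(pw, salt=None):
    """Per-user random salt plus PBKDF2; returns (salt, derived key as hex)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ROUNDS).hex()

def verify(pw, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted(pw, salt)[1], stored)

# Stand-in for a precomputed table: built once, reusable against any unsalted store.
TABLE = {unsalted(pw): pw for pw in COMMON}

def precomputed_hits(hashes):
    """Users whose stored hash appears in the precomputed table."""
    return sorted(u for u, h in hashes.items() if h in TABLE)

def shared_hashes(hashes):
    """Groups of users with identical stored hashes (an audit sign of missing salt)."""
    groups = defaultdict(list)
    for user, h in hashes.items():
        groups[h].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

UNSALTED_STORE = {u: unsalted(pw) for u, pw in USERS.items()}
SALTED_RECORDS = {u: salted(pw) for u, pw in USERS.items()}
SALTED_STORE = {u: dk for u, (_, dk) in SALTED_RECORDS.items()}

if __name__ == "__main__":
    print("unsalted, table hits:   ", precomputed_hits(UNSALTED_STORE))
    print("unsalted, shared hashes:", shared_hashes(UNSALTED_STORE))
    print("salted, table hits:     ", precomputed_hits(SALTED_STORE))
    print("salted, shared hashes:  ", shared_hashes(SALTED_STORE))
```

Salting removes the precomputation shortcut and hides password reuse between accounts; it does not make a weak password strong, which is why the slow key-derivation function is used alongside it.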