2023 Security Check-up Reminder

This would be a good time to ask this question.

I get a reminder in the email to sign in to my id.me account to keep it from expiring. What is id.me and why should I care?
id.me is a company that offers identity verification as a service. During Corona they worked with a lot of organizations and part of that was getting our data from those organizations, many of them federal.
They probably want you to sign in and give them even more info. If you don't know what it is, then you haven't had to use them, which is for the best in my opinion.
 
If you use Password1234 as your password no one will be able to break it because it will be too obvious
I disagree. trustno1 is obviously a better password.
If they're unique and sufficiently long, I'll concede that English passphrases are still good enough. Just did some back of the napkin math; there are 40,000 English words in common use per Google, so a passphrase of 4 common words (with reuse) has 40,000^4 permutations.
This is why you don't limit it to common use. Use a wordlist extracted from the OED. Throw in every word Shakespeare ever used. Throw in a couple foreign languages. You can come up with really ridiculous wordlists where most of the results are still memorable.
 
Someone jokingly suggested if the TND copypasta would be a secure enough password, so obviously this isn't serious.

If you don't reveal that you shitpost, it'll last until the end of the universe (in theory). If you do reveal that you shitpost, they'll probably try it.

It's 951 characters/100-something words long, so if you (somehow) find a 1,000+-character database table to store it, I guess you could manage. That being said, if you actually look at how secure it is:

Screen Shot 2023-03-09 at 1.00.46 PM.png

Assuming they don't know it's that specific copypasta:
200 septillion is 200 followed by 24 zeroes... (2 x 10^26 or 200,000,000,000,000,000,000,000,000)
200 septuagintillion is 200 followed by 213 zeroes (2 x 10^213 or... I'll put the screenshot below, it's a big-ass number)
200 quingentillion is 200 followed by 1,053 zeroes (or 10.53 googols)

200 septillion is already a long-ass time. Wikipedia says it's around the time that most stellar remnants and other objects are ejected from the remains of their galactic cluster. Translation - Earth would have been dust very, very fucking long ago.

Technically speaking, your passwords don't need to last until the end of the Universe - just until the Sun stops being a red giant, because then everyone (and everything) on Earth dies. That's 5 billion years. TND (so far) would last way the hell longer.

Screen Shot 2023-03-09 at 1.16.32 PM.png
A really fucking big number, if we're talking about years.

This is around the time it would take every proton to decay. It's a long-ass time.

Screen Shot 2023-03-09 at 1.19.55 PM.png
A really, really fucking big number, if we're talking about years.

You thought 200 septuagintillion was long? This is (probably) longer than it would take a black hole to decay. We'd be dead for an incomprehensibly long amount of time since then, but if an alien wanted to crack TND it would probably need less time than that.

I'm not the best at scientific notation, so I'm not going to add them (someone else can). It's big, though, and that's really all it comes down to.

That's a ridiculously long time, so if you need to keep something locked up until everything falls into a supermassive black hole (2 * 10^30 years), every atom decays (2 * 10^36 years), or a false vacuum possibly collapses (10^139 years), you might as well go with TND.

Want to make it more secure? Add four exclamation marks to the end and the length of time skyrockets:

Screen Shot 2023-03-09 at 1.39.46 PM.png

Without going into too much detail, a "sescentillion" is 1 followed by 1,803 zeroes, and so 200 sescentillion is 2 x 10^1803:

Screen Shot 2023-03-09 at 1.42.09 PM.png

How long is that? Long enough for every bit of matter in the universe to turn into iron. And here I thought 200 quingentillion was a big number.

Honestly at this point you won't have to worry about password security anymore.

But just for shits and giggles let's do the calculation to see if we can get a five-digit exponent (i.e. 1 x 10^10,000, or 1 x 10^10^5). A very unscientific Google search reveals this number is slightly below a "quadrimillinillion". I'll save you the screenshots I took and just show you the end result:

Screen Shot 2023-03-09 at 2.03.37 PM.png

That's 3 x 10^24 + 3 x 10^183 + 3^2,403 + 3^3,003. Something around 3^5,000... it's still not a five-digit exponent but I tried. This "password", by the way, is so obscenely long that the word counter crapped out when I tried to run it.

TND is secure for all intents and purposes (it'll last longer than anyone needs it to), as long as no one knows you're a shitposter and you have a 1000+ column database table to do so. Add four exclamation marks and the time to crack it gets obscenely long. Throw in random junk and it will take until quantum tunneling brings about a new Universe.
 

I find the easiest way in this brave new world isn't compartmentalization, but reduction. This is the big new account I made in this year, and I probably won't make another. Now, sure, they're compartmentalized in the sense one can't be used to access another, but still. Besides, what's someone going to do with my true identity, if it ever leaks, complain about the opinions I hold and would defend in a face-to-face conversation?

Another thing to do is use the WWW with JavaScript disabled. I rarely enable it here, and I also have the various just-in-time compilers disabled, meaning I'm unlikely to be harmed in that way.
 
Recommending KeePass for other users here like others did before in the thread.

I'll never trust online password managers. With KeePass you just have an offline file you can search and you can copy it on a USB drive or something.
Yep, I like KeePassXC for desktop and KeePassDX for Android. Use Syncthing to keep your password DB in sync. KeePass can handle passwords and TOTP and it's free/open source software too.
 
I was recently considering putting a halt to my abysmally lazy practice of letting my browser save my passwords, and this just seals the deal.
You would be shocked what your browser remembers. If you don't watch out it will save your full identification number(SSN for americunts), drivers license number, birthday and then upload that shit to the cloud where Microjew or Jewgle can use it for who knows what perfidous purpose.
 
Just for fun, I did some more password stuff.

Using the entire last chapter of Moby Dick would take 1 sextillion unviginticentillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion years to crack.

Using the entire Bee Movie script would take 5 sextillion trigintacentillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion years to crack.

Using the entire Titanic script would take 2 quattuortrigintillion nongentillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion millinillion years (and that's before it hit the iceberg, the thing crashed at that point!)

You'd need a database row of a billion+ characters, but it could work if you were the admin or really wanted security.
 
Depending on the cipher, it wouldn't take nearly that long to crack since you'd hit upon a hash collision first. For example, AES-256 is so called because the key size is always 256 bits. When you enter a password to encrypt/decrypt some payload with AES-256, the password gets shrunk or expanded to fit in exactly 256 bits.

The code that does this is the "key derivation function," and is typically a hash function. Thanks to the pigeonhole principle, there exists at least one input of 256 bits or fewer which produces the same output hash as a given cleartext of length > 256 bits. You would find this password before you ever got to the full Titanic or Bee Movie script.

If your cipher actually allows for ridiculously long keys, that's a different story. But most password managers use AES for this kind of stuff.
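
An added example, not code from any poster in this thread: it works through the 40,000^4 passphrase estimate from earlier in the thread and the key-size ceiling described in the post above, using SHA-256 truncated to 16 bits as a stand-in KDF so that a short input matching a very long password can actually be found. The function names, salt, round count and sample password are constructed for illustration.

```python
import hashlib
import math
from itertools import count

KEY_BITS = 256  # AES-256 key size, as stated in the post

def passphrase_bits(wordlist_size, words):
    """Guessing space, in bits, of `words` random picks (with reuse) from a wordlist."""
    return words * math.log2(wordlist_size)

def effective_bits(password_bits, key_bits=KEY_BITS):
    """The derived key is only key_bits wide, so that is the ceiling on strength."""
    return min(password_bits, key_bits)

def words_to_saturate(wordlist_size, key_bits=KEY_BITS):
    """Passphrase length at which extra words stop adding anything."""
    return math.ceil(key_bits / math.log2(wordlist_size))

def derive_key(password, salt=b"constructed-salt", rounds=1000):
    """PBKDF2-HMAC-SHA256 with a 32-byte output; parameters are illustrative."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, rounds, dklen=KEY_BITS // 8)

def toy_kdf(password, out_bits):
    """Stand-in KDF for the demo: SHA-256 truncated to out_bits (an assumption)."""
    digest = int.from_bytes(hashlib.sha256(password).digest(), "big")
    return digest >> (256 - out_bits)

def shortest_colliding_input(target, out_bits):
    """Try inputs shortest-first until one derives the same truncated key."""
    for n in count():
        candidate = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
        if toy_kdf(candidate, out_bits) == target:
            return candidate

# Constructed sample: a ~1,000-character "password".
LONG_PASSWORD = b"call me ishmael " * 60

if __name__ == "__main__":
    print(f"4 words of 40,000: {passphrase_bits(40_000, 4):.1f} bits")
    print(f"words needed to reach {KEY_BITS} bits: {words_to_saturate(40_000)}")
    print(f"derived key length: {len(derive_key(LONG_PASSWORD)) * 8} bits")
    short = shortest_colliding_input(toy_kdf(LONG_PASSWORD, 16), 16)
    print(f"{len(LONG_PASSWORD)}-byte password shares a 16-bit toy key with {short.hex()}")
```

At the real 256-bit width the same search is far out of reach; the point is only that length beyond roughly 17 random words from a 40,000-word list adds nothing once the key is derived.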
 