End of Passwords

They're watching. All the time. Everywhere.

Post by Gergel » 25 Jun 2015, 19:24

The idea is nice, but I think I will stick with my KeePassX. Erethas has pretty much stated both issues I also have with this program.

It generates only four passwords for me. I just checked my KeePassX container, it has about one hundred entries in it, give or take a few, each of them different. Plus there are quite a few different passwords/passphrases I keep only in my memory. Having your program provide only four pre-labeled passwords (one of them for a Facebook account which I do not even have) is somewhat... insufficient.

Your program generates four passwords based on two other passwords that I would need to remember. I might as well just remember four separate passwords. What's the point of those two separate passwords anyway? I can't imagine how it makes the encryption or hashing process any more secure compared to only one password (which you could split in half to get two parts, if you really need them).

My KeePassX container sits in my Dropbox, where I can open it under any operating system I use (Windows, Linux, Android, Windows RT) and could potentially open in just about any other operating system I can conceive of (OS X, iOS, WinPhone, BSD, ad infinitum). Yours is, it would seem, Windows-only.

And of course I, like Erethas, think that its closed-source, security-through-obscurity nature doesn't really help very much. If a bad guy were to take any serious interest in it, he would most likely have it cracked faster than you can say "Blorgh". (Assuming you draw the word out really long, "Bllllllllooooooooooorrrrrrrrrrggggggggghhhhhhhhhhhhhhh".)




Edit: I must admit that saying "Blorgh" lasted quite a few minutes in my case. Well, at least you're using AES256 and are not inventing your own crypto algorithm... Although the password generator routine could probably be defined more easily as a separate function instead of doing the same thing four times. If you ever decide to add more generated passwords, you may run into a problem with the minimum length of the _stringtohex(_crypt_encryptdata()) return value, assuming both $num and $pass1 are only one character long.
What kind of sick individual burns a book full of perfectly good dark arts?!
- Darkscryer Raastok
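Added example, not part of Gergel's post and not the program's code (which the thread does not show): one way to meet the points raised in the post, with a single function serving any number of labels, one master password, and output whose length does not depend on input length. It swaps in PBKDF2 and HMAC-SHA256 from the Python standard library in place of the AES-based routine; every name, the alphabet, the iteration count and the sample inputs are assumptions.

```python
import hashlib
import hmac
import string

# Assumed output alphabet (74 characters) and assumed PBKDF2 work factor.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
KDF_ITERATIONS = 600_000


def stretch_master(master: str, user_id: str) -> bytes:
    """Slow step, run once: master password -> 32-byte key.

    user_id (e.g. an e-mail address) acts as the salt, so two users with
    the same master password still derive different keys.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master.encode(), user_id.encode(), KDF_ITERATIONS
    )


def site_password(key: bytes, label: str, counter: int = 1, length: int = 20) -> str:
    """Derive the password for one label.

    One function covers any number of labels; bump counter to rotate a
    password. Output is always exactly `length` characters, however short
    the label or master password is.
    """
    limit = 256 - (256 % len(ALPHABET))  # reject bytes >= limit: no modulo bias
    out = []
    block = 0
    while len(out) < length:
        msg = f"{label}\x00{counter}\x00{block}".encode()
        for b in hmac.new(key, msg, hashlib.sha256).digest():
            if b < limit and len(out) < length:
                out.append(ALPHABET[b % len(ALPHABET)])
        block += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample inputs, for illustration only.
    k = stretch_master("correct horse battery staple", "user@example.org")
    for site in ("forum", "mail", "bank"):
        print(site, site_password(k, site))
```

A generator like this still leaves the master password as a single point of failure, and rotating one site's password means remembering its counter.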
