I tend to use the same 2-3 passwords for all sites and want to change that, but I want to make sure I standardize my new approach as well.
I am looking at password hashing and I know very little other than what I have been reading for the last few hours.
Are there any sites that use secure crypto with salting that I can just save the page for offline use?
I might be doing this wrong, so that is the second part: if my approach is flawed, can someone suggest a better way?
I was thinking of using custom password + salted user name + domain.com = new hash, then using 20 chars starting with the fourth inward.
Any info would be wonderful.
Are you trying to come up with an algorithm for generating passwords? – Nifle – 2014-11-23T19:47:18.793
No, not at all, this is for personal use. I want to stop using the same password all over the internet but want a good way to remember them. I thought if I used a formula and had a page saved for offline use I could recall a password if I forgot it and make new ones as I sign up for new services. I read that sha1 was better than md5 but then read that both were bad. So I am very confused about what would work for me. – None – 2014-11-23T19:47:47.533
I understand it's for personal use as I have a hard time understanding why anyone else would complicate things like this when pwgen exists. – Nifle – 2014-11-23T19:50:26.193
Didn't know that was a thing till just now, will look into it but still curious about the hashing. – None – 2014-11-23T19:51:37.723
Ahh. Your edit of your comment explains what you meant. I would say it looks good enough and md5 should be good enough for this use. – Nifle – 2014-11-23T19:52:08.203
Just keep your custom password a well guarded secret. – Nifle – 2014-11-23T19:52:57.737
There is sooooo much advice on passwords and using md5 is quite possibly one of the worst because it only creates alphanumeric hashes of your password - easy to crack! You should use a password manager if you need access to many passwords. You then need to remember one single password. Your password should contain upper, lower, numbers and symbols and be of a suitable length. It seems you're trying to reinvent the wheel... – Kinnectus – 2014-11-23T20:25:29.273
What would be the best PW manager that is cross-platform for Win7, Android, BlackBerry? BlackBerry being the big one. Also one that lets you encrypt the info? I am sorry to sound dumb, it has been so long since I tried to learn this. – None – 2014-11-23T20:38:00.357
@BigChris, an MD5 hash of a strong password is as strong as the password itself, unless the original password actually contains more than 128 bits of entropy (which is not typical). It doesn't matter that the hash is written using only alphanumerics; there are still 2^128 possible MD5 hashes, which is a huge number. An attacker would have an easier time guessing the original password and then hashing it. – Wyzard – 2014-11-23T20:55:11.897
Using passwords for authentication is an inherently bad idea. Certificate based authentication like SQRL is a promising alternative. – Andreas F – 2014-11-23T21:31:18.273
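As an added example (not code from the thread or from any participant), here is one reading of the scheme in the question next to a stretched variant. A fast hash such as MD5 or SHA-1 lets anyone who obtains one derived password test guesses at the master password cheaply, so the second function swaps in PBKDF2-HMAC-SHA256. The function names, the 74-symbol alphabet, the NUL separator and the iteration count are assumptions made here.

```python
import hashlib
import hmac
import string

# 74 symbols; adjust to whatever a given site accepts (assumption).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def scheme_from_question(master, user, domain, algo="md5"):
    """One reading of the question: hash the plain concatenation and keep
    20 hex characters starting at the fourth."""
    digest = hashlib.new(algo, (master + user + domain).encode()).hexdigest()
    return digest[3:23]  # 20 chars of [0-9a-f] = 80 bits at most


def derive_site_password(master, user, domain, length=20, iterations=600_000):
    """Swapped-in variant: PBKDF2-HMAC-SHA256 stretches the master password,
    then an HMAC counter stream is mapped onto ALPHABET without modulo bias."""
    # NUL separator keeps ("ab", "c.com") distinct from ("a", "bc.com").
    salt = f"{user}\x00{domain.lower()}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations)
    limit = 256 - (256 % len(ALPHABET))  # reject bytes >= limit
    out, counter = [], 0
    while len(out) < length:
        block = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
        for b in block:
            if b < limit and len(out) < length:
                out.append(ALPHABET[b % len(ALPHABET)])
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the thread.
    master, user, domain = "correct horse battery staple", "alice", "example.com"
    print("question scheme :", scheme_from_question(master, user, domain))
    print("stretched scheme:", derive_site_password(master, user, domain))
```

Neither function guarantees that every character class a site demands is present, and in both the master password remains the single secret everything depends on.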