30 lines
1.6 KiB
Markdown
30 lines
1.6 KiB
Markdown
|
# Passwords
|
||
|
|
|
||
|
|
# User
|
||
|
|
|
||
|
|
- different services have different password requirements (special chars, lenghts)
|
||
|
|
- entropy vs specific rules
|
||
|
|
- passphrases (easy to remember)
|
||
|
|
- generating random passwords (humans are bad at random)
|
||
|
|
- password manager (forgetting passwords): KeePass (also generates passwords)
|
||
|
|
1 Master password (needs to be remmebered/written down on physically secure medium)
|
||
|
|
unlimited number of passwords encrypted with the master password
|
||
|
|
KeePass requries a login to add a new password
|
||
|
|
KeePass clears clipboard few seconds after copying the password
|
||
|
|
some passwords managers are online, which adds risk
|
||
|
|
- backups are important (passwords more likely to get lost than hacked)
|
||
|
|
- its good to change passwords reguraly, but it is less important than other good practices
|
||
|
|
|
||
|
|
# Programmer
|
||
|
|
|
||
|
|
- storing user passwords adds risks of hacker gaining a lot of passwords at once
|
||
|
|
- hash functions create unique data corresponding to each user password from which it can't be directly determined what the password was, but it can be checked if a specifc password hashes to that value
|
||
|
|
- salted hashes are hash values that are stored with additional data which is added to the password before hashing it, makes each hash value unique, even if two passwords are the same
|
||
|
|
|
||
|
|
# Hacker
|
||
|
|
|
||
|
|
- if the hash function is difficult to calculate for a specific password, it is more secure, since attackers need to spend more resources to check if a specificv password hashes to needed data
|
||
|
|
- MD5 is too easy to calculate, so a hacker can calculate hash values of many different passwords and check if some of them are same as users hash
|
||
|
|
- hashcat
|
||
|
|
|