Another way that you could keep yourself secure is to group passwords into certain databases, with a specific seperate password for each. That way if one password was compromised, you would still have at least another set to be compromised before you took action.
Personally, I don't like to keep everything in one database, it may seem like a good thing to do, but unless I come up with the largest password on Earth to protect it, and the biggest and baddest cipher then its not going to be possible for me :) My two cents. If you're looking for a good cipher, go with anything that is 128bits or above. 1024 should be hard to crack security. If you're offered DES, dump that and go with Triple DES. Verty [EMAIL PROTECTED] You're not alone. I'm 16. I started working on computers at 7 before the internet was large, so I don't have that oppertunity that you did. :) SSNet/FreeLinuxCD Administrator >From: "Sullivan, Glenn" <[EMAIL PROTECTED]> >To: 'Adam Shephard' <[EMAIL PROTECTED]>, "'Jonas V.'" ><[EMAIL PROTECTED]>, [EMAIL PROTECTED] >Subject: RE: Security of Password-Managers >Date: Thu, 9 May 2002 15:23:18 -0400 > >To "kick it up a notch" (bam!) I have borrowed from a suggestion on one of >the security mailing lists: > >I have a password manager program (can't remember the name right now... it >is for reference only, in case I get hit by a bus or get amnesia) but I >keep >two copies of the database on USB Memory Sticks. One copy is attached to >my >keys, which are janitor-chained to my belt, and another copy is in the >vault >with rest of the critical info. > >Glenn Sullivan, MCSE+I MCDBA >David Clark Company Inc. > > >-----Original Message----- >From: Adam Shephard [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, May 08, 2002 5:47 PM >To: 'Jonas V.'; [EMAIL PROTECTED] >Subject: RE: Security of Password-Managers > > >Jonas, > >I've only read a bit about Oubilette in the past but it sounded like the >encryption provided there was not bad-Blowfish, if I remember correctly. >However, anytime anybody can get to all your passwords by cracking one of >them you lose a certain amount of security. > >Basically, you have to balance what you want to protect against how much >work you need to do to protect it. If it's something that should be highly >secure, I wouldn't use a password manager at all. > >By the way, your English is fine. Considering that you are 12 and you have >some basic knowledge of the concepts of password security and there are >many >English-speaking, network-managing adults who aren't even aware that you >shouldn't install IIS if you don't need to serve web pages, you can speak >any way you want! > >Adam > >-----Original Message----- >From: Jonas V. [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, May 07, 2002 11:37 AM >To: [EMAIL PROTECTED] >Subject: Security of Password-Managers > > >Hello!! > >I want to use a password-manager like "Oubliette". >Is this very insecure? >I can choose a very hard master-password with more than 96 bits lenght. >What encryption-algorithm and key-lenght use a program like this? > >Thanks for everything! > >Jonas Vondran <[EMAIL PROTECTED]> > >Please don't laugh about my english! >I'm german and 12 years old. > _________________________________________________________________ Join the world�s largest e-mail service with MSN Hotmail. http://www.hotmail.com
