![]() Once she has it, she can generate any current and future passwords, until you stop using the generator with the same master password. To steal your password, the attacker has to steal your master password, or steal one of the derived passwords and guess/bruteforce the master password. Password generator (from a single master password) Once the attacker has the database and master password, she has access to your current accounts until you change stored passwords. Then she has two options: steal the master password or guess/bruteforce it. To steal your passwords, the attacker has to steal the database. Are their any other options? Am I missing any other large security problems these password managers create? In both cases it seems that knowing the master password either gives you the other passwords, or allows you to generate them. However, it's less safe in another way since you can never change an individual site's password if it is ever compromised. ![]() This is perhaps more safe in one way since nothing is ever stored or transmitted anywhere. On the other hand you have systems which take a master password and then can generate a unique (but always the same) password by adding the domain or other identifier. When you authenticate with your master password at, returns all your encrypted passwords, which are decrypted locally on your computer with your email and master password. In other words, your computer encrypts your passwords with your email and master password and sends that data to Lastpass. ![]() On one hand you have system's like LastPass which store all your passwords using a master password to encrypt them. However, they all seem to fail if the master password is compromised (which isn't a big surprise). I have been wondering about the options available for managing passwords. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |