Message-ID: <CANWtx03SZYLLQM1DR1H9yCekRFV0u+idHMoZAaMC7LxGj3CYtQ@mail.gmail.com>
Date: Tue, 21 Aug 2012 15:50:13 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Arstechnica Password article (feat. Matt Weir)

On Tue, Aug 21, 2012 at 3:16 PM, Jeffrey Goldberg <jeffrey@...dmark.org> wrote:
> Not everyone likes or agrees with the approach that we have taken, but people looking for password managers also have this choice in which password manager architecture they want.

Do any password managers use "keyfiles" like TrueCrypt or FreeOTFE do, so as to avoid keyloggers? I love using passwords plus keyfiles, I think of them as a captcha I never have to read :) I'm sure a rootkit/malware could also keep track of the keyfile that was used, but until that becomes a more popular "2nd factor" I don't see it happening. Thwarting keyfiles or other 2nd factors, one would just wait until the password manager is unlocked and grab the PT from the memory section and parse it out (however that would work).

I guess in the end there are always risks and tradeoffs to each service/software, you just have to pick the ones you think offer the best tradeoffs for you and yours.

-rich