[ale] evernote security breach

Michael Potter michael at potter.name
Mon Mar 4 22:14:06 EST 2013 

I attended a meeting in Chicago about how evidence is collected from
PCs and harddrives.  The technique for cracking your password of your
encrypted files was pretty straightforward:
They first build a dictionary from every word on your unencrypted part
of your harddrive.

So if you every put your Keypassx password in an unencrypted file, you
are screwed.

On Mon, Mar 4, 2013 at 9:49 PM, Ron Frazier (ALE)
<atllinuxenthinfo at techstarship.com> wrote:
>
>
> JD <jdp at algoloma.com> wrote:
>
>>On 03/04/2013 06:54 PM, Jay Lozier wrote:
>>>>
>>> I tend to use very long gibberish passwords (Keypassx) that include
>>any keyboard
>>> character including punctuation. I consider 15 characters
>>unacceptably short.
>>
>>This.
>>
>>KeePass v1.x on Windows
>>KeePassX on Linux
>>KeePassDroid on Android
>>
>>they all share the same binary DB.  Easy to rsync everywhere, though I
>>suppose
>>if you trust 3rd parties, something like dropbox could do it too.
>>
>>If I am not going to type the password, and I don't with KeePass - why
>>not use
>>something long, random, unique, if it is allowed?  My default is 44
>>chars. Only
>>after that is rejected and I carefully read the requirements will I
>>limit the
>>alphabet.
>>
>>I consider anything less than 20 characters weak.
>>
>>Look up "Pure Hate's password cracking" presentation and you'll never
>>use
>>anything less than 15 characters again.
>
> Thanks.  Found this link.  I think it's the video you referred to.
>
> http://vimeo.com/21293347
>
> Ron
>
>>
>>My passwords are not just for today, but I'm trying to be reasonably
>>secure for
>>that data for the next 20 yrs.  People are recording and saving
>>encrypted
>>traffic today to be cracked in the future.  They are working on
>>encrypted
>>traffic from 15 yrs ago now - AND being successful.
>>
>>_______________________________________________
>>Ale mailing list
>>Ale at ale.org
>>http://mail.ale.org/mailman/listinfo/ale
>>See JOBS, ANNOUNCE and SCHOOLS lists at
>>http://mail.ale.org/mailman/listinfo
>
>
> --
>
> Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
> Please excuse my potential brevity if I'm typing on the touch screen.
>
> (PS - If you email me and don't get a quick response, you might want to
> call on the phone.  I get about 300 emails per day from alternate energy
> mailing lists and such.  I don't always see new email messages very quickly.)
>
> Ron Frazier
> 770-205-9422 (O)   Leave a message.
> linuxdude AT techstarship.com
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo



-- 
Michael Potter
  Tapp Solutions, LLC
  Replatform Technologies, LLC
+1 770 815 6142  ** Atlanta ** michael at potter.name  **
www.linkedin.com/in/michaelpotter

More information about the Ale mailing list