Password strength

[kf4hcw]

On 2014-10-21 13:43, Richard O'Neill wrote:
>
>  Wouldn't it be risky  to store a master password on a computer? Even
> if well encrypted it might still be hacked by the likes of
> sophisticated (Government) snoopers.

Technically you never store the master password on your computer -- you
remember it or store it elsewhere offline (just in case you have a
moment or need to give it to someone if your incapacitated).

What happens on the computer is that if you get the password right then
your other data can be successfully decrypted by your password manager
software. If you get it wrong then the data can't be decrypted.

Also, when you're using your password manager the encrypted passwords
are never in memory very long (at least for a good PW manager like
KeePass). The one pw you selected is decrypted and made available to you
for a handful of seconds and then it's wiped out again -- that makes the
window for capture very, very small.


> What about using multiplied combinations of large prime numbers to
> generate a key?

That's an interesting notion -- you wouldn't keep those prime numbers in
your head would you?

Also, if you're up against the government, all bets are probably off...
they have the resources to brute-force just about anything you're likely
to have on your machine without breaking a sweat-- and that includes
factoring polynomials based on large primes.

_M

-- 
kf4hcw
Pete McNeil
lifeatwarp9.com/kf4hcw