01micko wrote: 2. If you store that file then there isn't much point! An attacker could easily get hold of the file.
You can run md5sum from stdin like so:
# echo -n '5&kr&t'|md5sum
5622165cab4eb0217daa09f574bd3c3d -
That was just to show the MD5 calculators were in agreement; I did say not to write down the salt 5&kr&t ...
Barkin wrote: ... the real passwords are MD5s of those words in quotes plus a secret string of characters I have committed to memory and never write down, e.g. 5&kr&t
It's the only thing you have to memorize to have an unlimited number of secure passwords.
BTW I use something longer than 5&kr&t as a salt: I use a 15 character string not in the dictionary, so even if someone knows my list of dummy passwords and the method I've used they will still have to do a brute force attack on a 15 character unknown which could take some time ...
It would take a desktop PC about 157 billion years to crack your [15 character] password
http://howsecureismypassword.net/
Time Required to Exhaustively Search this [15 character] Password's Space:
Online Attack Scenario:
(Assuming one thousand guesses per second) 1.49 hundred thousand trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 1.49 billion centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 1.49 million centuries
Note that typical attacks will be online password guessing
limited to, at most, a few hundred guesses per second.
https://www.grc.com/haystack.htm
The above times do not include the additional time taken to calculate the MD5 for each guess: MD5 (DummyPassword+BruteForceGuess).
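The scheme discussed in this post, MD5(dummy word + memorised secret), as an added example that is not part of the original post. It sits beside a variant that uses PBKDF2-HMAC-SHA256 in place of MD5, so that each guess at the secret costs many hash computations instead of one. The function names, the sample dummy word, the iteration count and the base32 output format are assumptions made for illustration.

```python
import base64
import getpass
import hashlib


def derive_md5(dummy: str, secret: str) -> str:
    """Scheme from the post: hex MD5 of dummy word followed by the secret.

    Equivalent to `echo -n 'dummy+secret' | md5sum`; without -n the trailing
    newline is hashed too and the result is a different password.
    """
    return hashlib.md5((dummy + secret).encode("utf-8")).hexdigest()


def derive_stretched(dummy: str, secret: str,
                     iterations: int = 200_000, length: int = 20) -> str:
    """Assumed hardened variant: same two inputs, PBKDF2 instead of one MD5.

    The dummy word acts as the per-site salt and the memorised secret as the
    key material. Someone who knows the dummy list and the method must pay
    `iterations` HMAC-SHA256 calls per guess rather than a single MD5.
    """
    raw = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"),
                              dummy.encode("utf-8"), iterations, dklen=length)
    # 20 bytes encode to exactly 32 base32 characters, so no '=' padding.
    return base64.b32encode(raw).decode("ascii").lower()


if __name__ == "__main__":
    # getpass keeps the secret out of the terminal scrollback and the shell
    # history, where a command-line `echo -n '<secret>'` would leave it.
    secret = getpass.getpass("Memorised secret: ")
    dummy = "bank"  # constructed sample dummy word
    print("MD5 scheme :", derive_md5(dummy, secret))
    print("PBKDF2     :", derive_stretched(dummy, secret))
```

Both functions are deterministic, so nothing beyond the dummy list needs to be stored, but the iteration count then has to stay fixed or every derived password changes.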