Security FAQ V1.2

**coju** · 20-06-2012, 22:49

Originally Posted by Thyiad

coju, I'm not sure how reproducing something which wasn't welcome in the last thread, counts as constructive criticism.

If you have a better alternative, please post it.

Sorry about that, didn't realize that had already been posted.

Nice work on this kitteh and those who put constructive input into this. I know those who will use it will be greatly appreciated of the time put in this.

Originally Posted by muzzz

The safest passwords are 13+ characters, containing numbers, punctuation and upper- and lowercase.

What's horrible about that is when the max password you can have is 8 characters only including numbers and letters. Not being able to use "," "*" "'" is preposterous.

**SnickerSnack** · 21-06-2012, 07:01

I haven't finished the thread, but I must post this: http://keepass.info/

It appears to be exactly what we've always wanted. Oh, and when they say that the encryption can't be broken, don't scoff at them, I have (myself - personally) written unbreakable encryption. It's totally normal, and not really even that hard. Not kidding.

**Shagsbeard** · 22-06-2012, 13:38

There are many forms of encryption that can't be broken with today's mathematics and technology... but to say that they're "unbreakable" is an insult to mathematics. Lots of modern mathematics was developed by people looking for and breaking "unbreakable" codes.

**muzzz** · 22-06-2012, 17:55

Originally Posted by SnickerSnack

I haven't finished the thread, but I must post this: http://keepass.info/

It appears to be exactly what we've always wanted. Oh, and when they say that the encryption can't be broken, don't scoff at them, I have (myself - personally) written unbreakable encryption. It's totally normal, and not really even that hard. Not kidding.

This should be clarified for those that aren't familiar with cryptanalysis. In this context, "unbreakable" means that the method of encryption doesn't have any flaws that can be exploited to retrieve a password faster than a brute-force attack could. Every method of encryption is inherently vulnerable to brute-force attacks, although strong encryption and a good password can make it highly impractical.

**Sid** · 24-06-2012, 01:14

I wish elites in D3 were inherently vulnerable to brute-force attacks. My barbarian might actually make it through Act 2.

**SnickerSnack** · 27-06-2012, 15:00

Originally Posted by Shagsbeard

There are many forms of encryption that can't be broken with today's mathematics and technology... but to say that they're "unbreakable" is an insult to mathematics. Lots of modern mathematics was developed by people looking for and breaking "unbreakable" codes.

Originally Posted by muzzz

This should be clarified for those that aren't familiar with cryptanalysis. In this context, "unbreakable" means that the method of encryption doesn't have any flaws that can be exploited to retrieve a password faster than a brute-force attack could. Every method of encryption is inherently vulnerable to brute-force attacks, although strong encryption and a good password can make it highly impractical.

Yes, by "unbreakable" I mean that it would take all the computers in the world longer than the age of the universe to perform a brute force attack. Also, discrete logs are used for this because they are a "hard" problem, and I don't think that the elliptic curve discrete log is even solvable, though my memory is a bit fuzzy on whether any discrete log is solvable.

**muzzz** · 29-06-2012, 19:10

IIRC, discrete logs are closely related to factorization, at least from an algorithmic perspective. They can be solved in sub-exponential time using adapted factorization algorithms.