April 11, 2014 Re: Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Posted in reply to Messenger

On Fri, 11 Apr 2014 13:22:56 -0400, Messenger <dont@shoot.me> wrote:
> On Friday, 11 April 2014 at 15:06:33 UTC, Meta wrote:
>> I swear by LastPass as well. It's a great tool.
>
> Physical ties to the United States --> security expectations null and void. Cough http://lavabit.com cough.

LastPass cannot recover your passwords for you. They also can't do it for the government, even if asked. Their statement on the whole thing: http://blog.lastpass.com/2013/09/lastpass-and-nsa-controversy.html

-Steve
April 11, 2014 Re: Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Posted in reply to Andrea Fontana

On 4/11/14, 3:01 AM, Andrea Fontana wrote:
> On Friday, 11 April 2014 at 07:39:12 UTC, Manu wrote:
>> as your email address and whether you get digests or not. As a
>> reminder, your membership password is
>>
>> [My password!!!] WHAT!!!11!one!
>>
>> If you have any questions or problems, you can contact the list owner
>> at
>>
>> digitalmars-d-owner@puremagic.com
>
> Funny. Plain text password stored on db. Plain text password sent over smtp. Plain text password in
> the wild: http://goo.gl/JykIcu

Yup, mailman sucks. But so do all the other list managers out there. :) With all the accurate and well-placed righteous indignation on this thread... surely someone has the drive to actually fix the problem. I'm reasonably confident that the mailman team would appreciate the manpower to tackle the problem. :)

Personally, I use a unique password for each site with pwsafe as the storage manager. I consider list passwords so low value that I really just don't care that the passwords are fundamentally crappily managed. Sharing passwords between sites, particularly low-trust sites, is a major security no-no. Don't do it.
April 11, 2014 Re: Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Posted in reply to Brad Anderson

On Fri, Apr 11, 2014 at 9:36 AM, Brad Anderson <eco@gnuk.net> wrote:
>
> I second the endorsement for LastPass... There is a lot of peace of mind knowing any site hacks that occur are isolated to one site and not all the sites I used the password for.
>
LastPass is still closed source, so you have to trust them. Wouldn't it be better to use something like Password Safe or Keepass, both of which are open source?
--
Ziad
April 11, 2014 Re: Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Posted in reply to Ziad Hatahet

On Friday, 11 April 2014 at 19:59:57 UTC, Ziad Hatahet wrote:
> On Fri, Apr 11, 2014 at 9:36 AM, Brad Anderson <eco@gnuk.net> wrote:
>>
>> I second the endorsement for LastPass... There is a lot of peace of mind
>> knowing any site hacks that occur are isolated to one site and not all the
>> sites I used the password for.
>>
>
> LastPass is still closed source, so you have to trust them. Wouldn't it be
> better to use something like Password Safe or Keepass, both of which are
> open source?
>
> --
> Ziad
If you actually check the source of those and build your own binaries, sure. I'm not going to take the time to do that though so having them be open source is effectively no different than closed source for me. I do use KeePass for work though and can endorse it as being useful as well.
April 11, 2014 Re: Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Posted in reply to Walter Bright

On Friday, 11 April 2014 at 16:42:30 UTC, Walter Bright wrote:
> On 4/11/2014 5:18 AM, Steven Schveighoffer wrote:
>> If, after the last year of hacking, and the heartbleed bug, people are not using
>> password tracker/generators, you haven't learned anything :)
>
> But those pw managers are a single point of failure. One mistake and you've compromised or lost everything. If the machine it is installed on is stolen, you've lost all your passwords. Etc.

For less critical passwords, I use a JavaScript bookmarklet with the code below. It's mostly an MD5 implementation. It takes the base URL of the current page, concatenates a salt, and then MD5-hashes the result. Then it pops up a dialog box containing the hash, and that's my password for that site.

It doesn't work on crappy sites with silly restrictions (so many numbers, no more than X characters -- that last one especially makes my blood boil, because you *know* they aren't properly hashing your password), but most modern sites accept it just fine.

Please don't use this yourself without changing the salt to something very un-guessable. And please don't hack my system, grab my bookmark settings, and figure out my salt...

I don't remember where I found the MD5 implementation. It's not mine, and I didn't keep a reference.

Graham

```javascript
javascript:var host=document.location.host;
var hexcase = 0;  /* hex output format. 0 - lowercase; 1 - uppercase        */
var b64pad  = ""; /* base-64 pad character. "=" for strict RFC compliance   */
var chrsz   = 8;  /* bits per input character. 8 - ASCII; 16 - Unicode      */

function hex_md5(s){ return binl2hex(core_md5(str2binl(s), s.length * chrsz));}
function b64_md5(s){ return binl2b64(core_md5(str2binl(s), s.length * chrsz));}
function str_md5(s){ return binl2str(core_md5(str2binl(s), s.length * chrsz));}
function hex_hmac_md5(key, data) { return binl2hex(core_hmac_md5(key, data)); }
function b64_hmac_md5(key, data) { return binl2b64(core_hmac_md5(key, data)); }
function str_hmac_md5(key, data) { return binl2str(core_hmac_md5(key, data)); }

/*
 * Perform a simple self-test to see if the VM is working
 */
function md5_vm_test()
{
  return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72";
}

/*
 * Calculate the MD5 of an array of little-endian words, and a bit length
 */
function core_md5(x, len)
{
  /* append padding */
  x[len >> 5] |= 0x80 << ((len) % 32);
  x[(((len + 64) >>> 9) << 4) + 14] = len;

  var a =  1732584193;
  var b = -271733879;
  var c = -1732584194;
  var d =  271733878;

  for(var i = 0; i < x.length; i += 16)
  {
    var olda = a;
    var oldb = b;
    var oldc = c;
    var oldd = d;

    a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
    d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);
    c = md5_ff(c, d, a, b, x[i+ 2], 17,  606105819);
    b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
    a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);
    d = md5_ff(d, a, b, c, x[i+ 5], 12,  1200080426);
    c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);
    b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
    a = md5_ff(a, b, c, d, x[i+ 8], 7 ,  1770035416);
    d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);
    c = md5_ff(c, d, a, b, x[i+10], 17, -42063);
    b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);
    a = md5_ff(a, b, c, d, x[i+12], 7 ,  1804603682);
    d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
    c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
    b = md5_ff(b, c, d, a, x[i+15], 22,  1236535329);

    a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);
    d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
    c = md5_gg(c, d, a, b, x[i+11], 14,  643717713);
    b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);
    a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
    d = md5_gg(d, a, b, c, x[i+10], 9 ,  38016083);
    c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);
    b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
    a = md5_gg(a, b, c, d, x[i+ 9], 5 ,  568446438);
    d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);
    c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);
    b = md5_gg(b, c, d, a, x[i+ 8], 20,  1163531501);
    a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);
    d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
    c = md5_gg(c, d, a, b, x[i+ 7], 14,  1735328473);
    b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);

    a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);
    d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
    c = md5_hh(c, d, a, b, x[i+11], 16,  1839030562);
    b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
    a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
    d = md5_hh(d, a, b, c, x[i+ 4], 11,  1272893353);
    c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);
    b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);
    a = md5_hh(a, b, c, d, x[i+13], 4 ,  681279174);
    d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);
    c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
    b = md5_hh(b, c, d, a, x[i+ 6], 23,  76029189);
    a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);
    d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);
    c = md5_hh(c, d, a, b, x[i+15], 16,  530742520);
    b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);

    a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);
    d = md5_ii(d, a, b, c, x[i+ 7], 10,  1126891415);
    c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);
    b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
    a = md5_ii(a, b, c, d, x[i+12], 6 ,  1700485571);
    d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
    c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);
    b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);
    a = md5_ii(a, b, c, d, x[i+ 8], 6 ,  1873313359);
    d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
    c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);
    b = md5_ii(b, c, d, a, x[i+13], 21,  1309151649);
    a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);
    d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);
    c = md5_ii(c, d, a, b, x[i+ 2], 15,  718787259);
    b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);

    a = safe_add(a, olda);
    b = safe_add(b, oldb);
    c = safe_add(c, oldc);
    d = safe_add(d, oldd);
  }
  return Array(a, b, c, d);
}

/*
 * These functions implement the four basic operations the algorithm uses.
 */
function md5_cmn(q, a, b, x, s, t)
{
  return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
}
function md5_ff(a, b, c, d, x, s, t)
{
  return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t);
}
function md5_gg(a, b, c, d, x, s, t)
{
  return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t);
}
function md5_hh(a, b, c, d, x, s, t)
{
  return md5_cmn(b ^ c ^ d, a, b, x, s, t);
}
function md5_ii(a, b, c, d, x, s, t)
{
  return md5_cmn(c ^ (b | (~d)), a, b, x, s, t);
}

/*
 * Calculate the HMAC-MD5, of a key and some data
 */
function core_hmac_md5(key, data)
{
  var bkey = str2binl(key);
  if(bkey.length > 16) bkey = core_md5(bkey, key.length * chrsz);

  var ipad = Array(16), opad = Array(16);
  for(var i = 0; i < 16; i++)
  {
    ipad[i] = bkey[i] ^ 0x36363636;
    opad[i] = bkey[i] ^ 0x5C5C5C5C;
  }

  var hash = core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz);
  return core_md5(opad.concat(hash), 512 + 128);
}

/*
 * Add integers, wrapping at 2^32. This uses 16-bit operations internally
 * to work around bugs in some JS interpreters.
 */
function safe_add(x, y)
{
  var lsw = (x & 0xFFFF) + (y & 0xFFFF);
  var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
  return (msw << 16) | (lsw & 0xFFFF);
}

/*
 * Bitwise rotate a 32-bit number to the left.
 */
function bit_rol(num, cnt)
{
  return (num << cnt) | (num >>> (32 - cnt));
}

/*
 * Convert a string to an array of little-endian words
 * If chrsz is ASCII, characters >255 have their hi-byte silently ignored.
 */
function str2binl(str)
{
  var bin = Array();
  var mask = (1 << chrsz) - 1;
  for(var i = 0; i < str.length * chrsz; i += chrsz)
    bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (i%32);
  return bin;
}

/*
 * Convert an array of little-endian words to a string
 */
function binl2str(bin)
{
  var str = "";
  var mask = (1 << chrsz) - 1;
  for(var i = 0; i < bin.length * 32; i += chrsz)
    str += String.fromCharCode((bin[i>>5] >>> (i % 32)) & mask);
  return str;
}

/*
 * Convert an array of little-endian words to a hex string.
 */
function binl2hex(binarray)
{
  var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
  var str = "";
  for(var i = 0; i < binarray.length * 4; i++)
  {
    str += hex_tab.charAt((binarray[i>>2] >> ((i%4)*8+4)) & 0xF) +
           hex_tab.charAt((binarray[i>>2] >> ((i%4)*8  )) & 0xF);
  }
  return str;
}

/*
 * Convert an array of little-endian words to a base-64 string
 */
function binl2b64(binarray)
{
  var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  var str = "";
  for(var i = 0; i < binarray.length * 4; i += 3)
  {
    var triplet = (((binarray[i   >> 2] >> 8 * ( i   %4)) & 0xFF) << 16)
                | (((binarray[i+1 >> 2] >> 8 * ((i+1)%4)) & 0xFF) << 8 )
                |  ((binarray[i+2 >> 2] >> 8 * ((i+2)%4)) & 0xFF);
    for(var j = 0; j < 4; j++)
    {
      if(i * 8 + j * 6 > binarray.length * 32) str += b64pad;
      else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F);
    }
  }
  return str;
}

var SALT='YOUR_SALT_GOES_HERE';
prompt('result for ' + host + ':', (b64_md5(SALT + ':&#*$' + host)));
void(0);
```
April 11, 2014 Re: Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Posted in reply to Graham Fawcett

On Friday, 11 April 2014 at 20:27:34 UTC, Graham Fawcett wrote:
> On Friday, 11 April 2014 at 16:42:30 UTC, Walter Bright wrote:
>> On 4/11/2014 5:18 AM, Steven Schveighoffer wrote:
>>> If, after the last year of hacking, and the heartbleed bug, people are not using
>>> password tracker/generators, you haven't learned anything :)
>>
>> But those pw managers are a single point of failure. One mistake and you've compromised or lost everything. If the machine it is installed on is stolen, you've lost all your passwords. Etc.
>
> For less critical passwords, I use a JavaScript bookmarklet with the code below. It's mostly an MD5 implementation. It takes the base URL of the current page, concatenates a salt, and then MD5-hashes the result. Then it pops up a dialog box containing the hash, and that's my password for that site.
>
> It doesn't work on crappy sites with silly restrictions (so many numbers, no more than X characters -- that last one especially makes my blood boil, because you *know* they aren't properly hashing your password), but most modern sites accept it just fine.

A couple of years ago I tried to use http://supergenpass.com/ (which works similarly) but there were just too many sites whose restrictions made it not work. Good concept though.
April 11, 2014 Re: Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Posted in reply to Steven Schveighoffer

On 4/11/2014 9:55 AM, Steven Schveighoffer wrote:
> On Fri, 11 Apr 2014 12:42:31 -0400, Walter Bright <newshound2@digitalmars.com>
> wrote:
>
>> On 4/11/2014 5:18 AM, Steven Schveighoffer wrote:
>>> If, after the last year of hacking, and the heartbleed bug, people are not using
>>> password tracker/generators, you haven't learned anything :)
>>
>> But those pw managers are a single point of failure. One mistake and you've
>> compromised or lost everything.
>
> What mistake?

Having a single password for everything. Heck, you could simply forget that password.

>> If the machine it is installed on is stolen, you've lost all your passwords.
>> Etc.
>
> Read about LastPass. Your last-pass vault is encrypted and stored in the cloud.

Or there could be a bug in LastPass that makes it crackable. Not like something like that has never happened before (cough, cough). Again, a single point of failure and everything is lost.

I remember a while back someone with a Mac password vault lost his whole online life when the vault got compromised.
April 11, 2014 Re: Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Posted in reply to Steven Schveighoffer

On 4/11/2014 12:55 PM, Steven Schveighoffer wrote:
> On Fri, 11 Apr 2014 12:42:31 -0400, Walter Bright
> <newshound2@digitalmars.com> wrote:
>
>> On 4/11/2014 5:18 AM, Steven Schveighoffer wrote:
>>> If, after the last year of hacking, and the heartbleed bug, people
>>> are not using
>>> password tracker/generators, you haven't learned anything :)
>>
>> But those pw managers are a single point of failure. One mistake and
>> you've compromised or lost everything.
>
> What mistake?
>

Pretty much anything? Letting the wrong person see you type your pass. Using it on a system (even your own) that secretly has a keylogger or is compromised in any number of other ways. Getting bit by an encryption library vulnerability. Using a master pass that turns out not to be quite good enough. Relying on NSA-backed "encryption". Just off the top of my head.

>> If the machine it is installed on is stolen, you've lost all your
>> passwords. Etc.
>
> Read about LastPass. Your last-pass vault is encrypted and stored in the
> cloud.
>

No, it's stored on a server. On the internet. *cough*

Due to LastPass's closed-ness, all we can do is blindly trust whatever they claim (yea, companies are great at never lying to users), *and* blindly trust all of their software to not contain exploitable vulnerabilities[*]. Look how great that works out for users of Google/Microsoft/etc.

[*] I guess we could reverse-engineer, but closed-source is a great way to ensure most of the people auditing your code are blackhats. Not what I want from software I'd use to store all my passwords.
April 11, 2014 Re: Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Posted in reply to Brad Roberts

On 4/11/2014 3:37 PM, Brad Roberts wrote:
>
> Yup, mailman sucks. But so do all the other list managers out there.
> :) With all the accurate and well placed righteous indignation on this
> thread.. surely someone has the drive to actually fix the problem.

I'm actually [indirectly] working on that sort of thing by developing libs intended to make using proper security best-practices far too convenient for anyone to NOT use them. The first part of that: http://forum.dlang.org/thread/lhr7kb$17f2$1@digitalmars.com

Outside testing and source auditing would be appreciated. I admit I'm currently having a little trouble reconciling @safe with the auto-zeroing password struct. (Maybe Password could somehow just use RAII without RefCounting?)

> I'm
> reasonably confident that the mailman team would appreciate the manpower
> to tackle the problem. :)
>

Honestly, I'm not so sure about that: http://www.list.org/jwzrebuttal.html

The mailman devs appear to be thoroughly convinced their auth system is a good one.
April 11, 2014 Re: Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Posted in reply to Steven Schveighoffer

On 4/11/14, 9:55 AM, Steven Schveighoffer wrote:
> On Fri, 11 Apr 2014 12:42:31 -0400, Walter Bright
> <newshound2@digitalmars.com> wrote:
>
>> On 4/11/2014 5:18 AM, Steven Schveighoffer wrote:
>>> If, after the last year of hacking, and the heartbleed bug, people
>>> are not using
>>> password tracker/generators, you haven't learned anything :)
>>
>> But those pw managers are a single point of failure. One mistake and
>> you've compromised or lost everything.
>
> What mistake?
>
>> If your machine it is installed on is stolen, you've lost all your
>> passwords. Etc.
>
> Read about LastPass. Your last-pass vault is encrypted and stored in the
> cloud.
>
> -Steve

Yah, lastpass rox.

-- Andrei
Copyright © 1999-2021 by the D Language Foundation