this post was submitted on 25 Nov 2023
1 points (100.0% liked)
Ethereum
1 readers
1 users here now
Resources
- Website & Blog
- White Paper & Yellow Paper
- Documentation & Stack Exchange
- Learn Solidity
- Source Code on Github
- Bounty program
- Chat on Gitter
- Network Status & Gas Price Market
- List of DApps
- Meetups
founded 11 months ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Are password managers secure?
Depends on the password manager. With something like KeePassXC, only you have the encrypted passwords file and it's not on some server.
Great, but if KeePassXC is on an online device then itβs vulnerable to being hacked.
KeePass DB is vulnerable if they can crack the master password. If your master password has enough entropy that it would take so many million years to brute force, then you'll be fine.
The Keepass DB can be cracked. https://medium.com/@andreabocchetti88/unlocking-keepass-a-comprehensive-guide-to-crack-the-database-74a2593d676a
I kept a few seeds in my Keepass, I have since removed them after someone at work warned me about this.
That link describes hashcat which uses some of the methods I'm referring to, it's dependent on the password quality. Crappy password will be quick.
It doesn't decrypt it, but tries many combinations of words etc encrypted to compare against the hash.
Even with a good password, I never would want anyone storing seeds in keepass, anything on the computer is a no for storing seeds.
Anything can be cracked this way, this is just a bruteforce of the master password. It can take 300 centuries to crack using NSA servers if it's a strong password.