Cloud Paranoia

storp

Member
While I would like to make use of the cloud for data backup, my instincts tell me not to do it, that it is not worth the risk. Due to the possibility of data loss from hacking, etc. There is some sensitive data.

Is the paranoia well-founded?
 

spirit

Moderator
Staff member
To be honest once you see how useful cloud storage can be you won't want to stop using it.

I would say go for it. Which service are you intending on using?
 

beers

Moderator
Staff member
It's your data, do whatever you want with it.

I work at a company that provides 'cloud' solutions for healthcare. I would not use cloud storage as a primary means of storage, but backups should suffice. If you're paranoid about it like other people on this forum you can encrypt each volume manually before you upload it to whatever service you are looking at.

Personally, a local primary storage is always (always) going to be a preferred solution.
 

storp

Member
To be honest once you see how useful cloud storage can be you won't want to stop using it.

I would say go for it. Which service are you intending on using?

I have a couple free options with software I bought. One of them is with Cyberscrub privacy suite. But Acronis True Image will also backup to cloud.
Great for something catastrophic even though I'll backup to a second physical location.

I think my Sandisk thumbdrive also came with some space.

But obviously don't want an entire PC image hacked.
 

Agent Smith

Well-Known Member
I use three cloud storage sites for backups. Depending on the data you can encrypt with a SFX archive using 7Z. That uses AES 256 and if the password is upper, lower case letters, numbers and symbols no one is getting the data. You could also opt for a Truecrypt container. Drop the data in the Truecrypt container and then dismount and upload the file to the cloud.

Whole partitions are a little different though. I would never upload my computer to the cloud, but rather use a clone on an external drive plus a NAS box. http://www.newegg.com/Product/Produ...der=BESTMATCH&Description=nas&N=-1&isNodeId=1
 

storp

Member
You could also opt for a Truecrypt container. Drop the data in the Truecrypt container and then dismount and upload the file to the cloud.

Whole partitions are a little different though. I would never upload my computer to the cloud, but rather use a clone on an external drive plus a NAS box.
Agree on the partitions. And already do the clone thing but not familiar with the NAS box.

But the Truecrypt - came across this claiming its development is terminated http://truecrypt.sourceforge.net/ You still comfortable using it?
 

Agent Smith

Well-Known Member
Read this. https://www.grc.com/misc/truecrypt/truecrypt.htm

I'm following the ongoing audit here. http://istruecryptauditedyet.com/

First phase complete. Other than some crappy code it looks good. Even Crypto guru Bruce Schneier still uses it and I believe used it on an air gapped computer with Wikileaks documents from Edward Snowden.

I used to be a member at the TC forums. Now it's poof, gone, a breeze in the wind. I personally think it's a Lavabit BS thing. http://en.wikipedia.org/wiki/Lavabit
 

ScottALot

Active Member
That uses AES 256 and if the password is upper, lower case letters, numbers and symbols no one is getting the data.

Just a PSA: Length of the password trumps complexity. 26 possible characters for strictly lowercase vs. 72 upper, lower, numbers, symbols seems like the 72 trumps hugely, but if you have a purely lowercase password with ~4 more characters for the most common password lengths, you get similar or greater security than the shorter more complex password.

So in short, ihadatastybrunch is more secure than 1luVBrnch!%
 

Agent Smith

Well-Known Member
No, you're wrong. That password can be grabbed with the aid of a dictionary attack and clever password brute forcing with specific algorithms. Common words are a no-no. I bet even if that all lower case long password if Bcrypted could be decrypted by a Titan in no time at all. Hell, I bet this site still uses MD5.

Type those two passwords in here. http://www.passwordmeter.com/

Do not use your passwords in any website however.
 

ScottALot

Active Member
No, you're wrong. That password can be grabbed with the aid of a dictionary attack and clever password brute forcing with specific algorithms. Common words are a no-no. I bet even if that all lower case long password if Bcrypted could be decrypted by a Titan in no time at all. Hell, I bet this site still uses MD5.

Type those two passwords in here. http://www.passwordmeter.com/

Do not use your passwords in any website however.

That only works for passwords with common and relatively few words.
You have to realize that there are over 1 million words in the English dictionary... even though in "ihadatastybrunch" the words "i", "had", and "a" are extremely common and would be guessed first, "tasty" and "brunch" are not common words that you'd expect to find in a password.
Sure, if the password was just "tastybrunch" it might be guessed, but there are *Five* words here.
Even if we don't use ~90% of the words in the dictionary, that's still 100,000^5 which is *HUGE*.
And when you get to four, five, or more words, it's not like there's some obvious combination of the words that is the only one that can make sense.
For my example, you could have "ihadatastybrunch" (I had a tasty brunch), "hadiatastybrunch" (Had I a tasty brunch?), "ihadtastybrunch", "hadatastybrunch", "atastybrunchihad", etc...

The issue you're pointing out with dictionary attacks, rainbow tables, and the like, becomes moot as you go from 2-3 words to 5+.
 

Agent Smith

Well-Known Member
The mere fact I thought of an algorithm that would use dictionary based words means that a password like that can be hacked. Especially with a GPU Titan or two. I have a dictionary that is at least 300 MB in size. I could use it and find that password. Security experts all say to make a password that is a combination of upper and lower case letters, numbers and symbols for a reason. Length and complexity matter, not just length.
 

ScottALot

Active Member
The mere fact I thought of an algorithm that would use dictionary based words means that a password like that can be hacked. Especially with a GPU Titan or two. I have a dictionary that is at least 300 MB in size. I could use it and find that password.

Okay, let's see it... even if you programmed it so it was absolutely 100% sure that I was using plaintext lowercase English words, even if I gave you a dictionary file 10% the size of the actual dictionary containing the words I placed in my password, it would still take millennia. The extremely common words placed in the password would be prioritized, but you're hard pressed to figure out where I placed them.

Security experts all say to make a password that is a combination of upper and lower case letters, numbers and symbols for a reason.

[citation needed]

http://www.infoworld.com/article/2655121/security/password-size-does-matter.html
http://arstechnica.com/security/201...ore-annoying-less-effective-than-length-ones/
http://redmondmag.com/articles/2013/08/14/password-complexity.aspx
password%20complexity.png

password_strength.png
 

Agent Smith

Well-Known Member
This is why the oft-cited XKCD scheme for generating passwords -- string together individual words like "correcthorsebatterystaple" -- is no longer good advice. The password crackers are on to this trick.

https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html

Now imagine your string of known words used in a password that is hashed with MD5 which is the default hashing for WordPress? I pity the fool. bcrypt would be a lot better. https://news.ycombinator.com/item?id=4512698

The point I'm making here is complexity DOES matter. Length does play a factor, but if it's common words like you posted then that WILL be cracked!

BTW- Bruce Schneier helped develop Blowfish and Twofish.
 

ScottALot

Active Member
The point I'm making here is complexity DOES matter. Length does play a factor, but if it's common words like you posted then that WILL be cracked!

We're not trying to prove that complexity doesn't matter, we're trying to demonstrate that the addition of a couple letters achieves the same result and is more easily memorized. Your argument that using words is foolish is off by quite a bit...

Lower-case letters: 26
Lower, upper, numbers, symbols: 95

So it seems like you have the upper hand, right?
Not necessarily.

Just adding a second character to the lower-case case results in 26^2>95. So really, while higher complexity is better for same-length passwords, varying length has an exponential effect because 26 and 95 are on the same order of magnitude.
Now you also say that using dictionary words is a sure sign of failure.

However, 10% of the dictionary is ~100,000 words. Assuming that the password cracker is absolutely certain that the password is a plaintext English word, which is quite a confident cracker, then a 3-symbol password is about the same complexity as any word, actually the symbols are more complex.

However, if you see that graph I posted, adding two, three words, has a huge effect on password complexity, it's the steepest line on the graph! So the password "busboys" has 100,000^2 possible combinations assuming English plaintext words, 26^7 possible combinations assuming lowercase characters. These are comparable to a symbolic password of length 5, which is not going to be as memorable.
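
Added example (not part of any post in this thread): a small estimator that puts both sides of the argument above into numbers, comparing a brute-force guess space (26 or 95 symbols per character) with a word-list guess space (dictionary size raised to the number of words). It assumes words are picked uniformly at random from a dictionary of `dict_size` entries; the `LEXICON` set and the function names are constructed for illustration.

```python
import math

# Constructed sample lexicon (stands in for a cracker's word list).
LEXICON = {"i", "had", "a", "tasty", "brunch", "bus", "boys"}
DICT_SIZE = 100_000  # the thread's "10% of the dictionary" figure

def charset_size(pw):
    """Smallest pool of printable ASCII classes that covers pw (26/26/10/33)."""
    size = 0
    if any(c.islower() for c in pw): size += 26
    if any(c.isupper() for c in pw): size += 26
    if any(c.isdigit() for c in pw): size += 10
    if any(not c.isalnum() for c in pw): size += 33  # 95 - 62
    return size

def min_words(pw, lexicon=LEXICON):
    """Fewest lexicon words that concatenate to pw, or None if it cannot be split."""
    best = [0] + [None] * len(pw)   # best[i] = fewest words covering pw[:i]
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if best[start] is not None and pw[start:end] in lexicon:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[len(pw)]

def guess_bits(pw, dict_size=DICT_SIZE):
    """log2 of the guess space: brute force, word attack, and the cheaper of the two."""
    brute = len(pw) * math.log2(charset_size(pw)) if pw else 0.0
    k = min_words(pw)
    words = k * math.log2(dict_size) if k else math.inf
    return {"brute": brute, "words": words, "best": min(brute, words)}

if __name__ == "__main__":
    for pw in ("ihadatastybrunch", "1luVBrnch!%", "busboys"):
        for n in (100_000, 10_000):
            r = guess_bits(pw, n)
            print(f"{pw:18} dict={n:>7} brute={r['brute']:5.1f} "
                  f"words={r['words']:5.1f} best={r['best']:5.1f}")
```

With a 100,000-word dictionary the five-word phrase costs more guesses than the 11-character mixed password, but with a 10,000-word list of common words the ordering flips. The result depends on how small a dictionary the attacker can get away with.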
 

Darren

Moderator
Staff member
God you guys must have some pretty serious stuff underneath your passwords... Use what you want and move on with it.

You didn't read that blog I linked to, did you? :rolleyes:

Nobody in their right mind should use a blog post as credible evidence...
 

beers

Moderator
Staff member
God you guys must have some pretty serious stuff underneath your passwords...

I've always found there is a considerable amount of irony as the most paranoid people generally over-protect worthless data. :p
 

Punk

Moderator
Staff member
I've always found there is a considerable amount of irony as the most paranoid people generally over-protect worthless data. :p

I think it gets to a point where protection is a hobby more than just really protecting yourself. I've seen numerous cases of computers where you had to enter bios passwords, hd passwords (one or the other or both) then a user password just to get to a personal account with nothing more than useless files on it.
 