Domain: splashdata.com
Stories and comments across the archive that link to splashdata.com.
Comments · 13
-
Re:This idea is really BS
The latter is O(n*(m!/n)*s) or O(m!s) for n common passwords and m user accounts and s shares. You only need to show that you've found a set of accounts which seem to validate together like this.
Taking a look at the most common passwords gleaned from millions of leaked passwords, we can actually find examples where a hundred or so users have the password "123456". If your threshold is 50 shares and you have 30,000 users (i.e. the typical user count for a shaving forum for straight razor users), an attacker could just use '123456" across a subset.
The big problem here is the factorial term; however, it's probabilistic. We can take the top 10 common passwords and estimate that, say, 20% of the user base has them. If our shares (s) are 50, we can then pick 50*5 = 250 users. If we're going with 5% of the userbase using 12345, it's 50*20 (50 / 4%) = 1000, but it's essentially a binary count.
-
Re:Before they patch the hole
Get with the program. They changed it to 123456 because that's what all the cool kids are using. http://splashdata.com/press/wo...
But of course, it's become industry-standard best practice!
-
Re:Before they patch the hole
Get with the program. They changed it to 123456 because that's what all the cool kids are using. http://splashdata.com/press/wo...
-
Re:Forcing strong passwords in the first place.
SplashID
1. It has apps for most of your OS's (exception being Linux) plus Blackberry, WebOS, and Palm OS
2. Uses AES and 256-bit Blowfish encryption
3. lets you synchronize between desktop and mobile apps and also has an export to encrypted file option you can use as a backup -
SplashID
I've been using SplashID for the last 5 years or so. One of the best apps I ever paid for. It exists on pretty much any major OS you might be using on a PC or - and here's the selling point - any mobile phone.
I've had it successfully synchronize between my PC and Nokia E61i. Before that it was syncing with my Sony Ericsson P990i and P910i. There is an Android version of it out, but unfortunately Android Market is not available in Singapore. I was forced to use SlideME to use the very barebones but still functional gbaSafe.
SplashID uses the 256bit Blowfish encryption method and comes with a built in password generator, with quite a few options like limiting the password to lowercase and numbers and even checks for "pronounceability". It comes with a nice set of icons, you can create custom templates with multiple masked fields and the layout is intuitive. There are several export options, with some compatibility with other formats as well as the standard unencrypted CSV excel file.
-
If you have an Android phone: SplashID
SplashID on your Android phone.
Use one 256bit Blowfish password to access ALL of your passwords. Your phone goes everywhere with you, so do your passwords. If you lose your phone, no big deal. Chances are that person doesn't have the resources to crack that encryption.
Best part is you can use it to fill in forms for websites you visit on your phone, which is good because typing in obscure passwords on a phone can be a challenging feat. -
SplashID
http://www.splashdata.com/splashid/index.asp
It's the most important and most used app on my treo (including as use as a phone)
-
I like SplashID
SplashID is my Palm password vault of choice. Windows and Mac users can also sync it with the associated desktop program. If only it would sync with KDE Wallet, it could be my most favoritist Palm application ever.
-
One Solution
SplashID or similar products give you a strongly encrypted database that you can sync with portable devices; in my case, a Palm OS based phone. I've been keeping my passwords and other sensitive information in there for years now. Works great.
You want to make the password protecting that database a good one, though... -
SplashID
I use SplashID.
-
Re:PDA + KeyboardI agree with this...
My palmOne Tungsten|T3 PDA is so capable that I simply have no need to lug a large laptop around.I have even transcoded entire DVDs down to ~400 MB using dvd::rip, put them on my 512 MB SD card and have watched the entire movie on my PDA in Landscape widescreen. The resolution is excellent for a PDA and the 400 MHz X-Scale CPU is very quick. Battery life is OK, but with the BoxWave miniSync (w/Car and Wall adapters) I never worry about it.
The best part is the price of my setup:
$300 PDA
$80 Ericsson T68m BlueTooth Phone
$99 512 MB SD Card
$40 BoxWave miniSync + Accessories
$40 Iambic Agendus Pro
$40 SnapperFish SnapperMail Standard
$50 SplashData SplashWallet
$35 Mapopolis 1-year North America w/o GPS Support
$30 BlueNomad WordSmith
$15 MMPlayer
$12 ZLauncher
$10 PDAMill Solitaire
$0 OliveTree BibleReader+
$0 BigClock
$0 MyCheckbook
$0 HandyShopper
$0 HandZipperLite
$0 IconMgr
$0 SeaTraffic
$0 TuSSH
$0 upIRC (limited shareware)
$0 Warfare, Inc. (shareware demo)
====
$751I actually paid $611 total for all the above because I purchased many of the software items listed above long ago for my previous PDAs, but the above is what someone would pay to buy it now.
-
Re:Screw bluetooth...
Palm OS does have some of the high end market with the high end Clies (NR/NX-70). But I do agree, 32 MB is not enough. Add a couple of dictionaries, some photos, etc. and it fills up damn fast.
-
Store passwords in your PDA (and encrypt them)Store them in a PDA that encrypts and organizes your passwords. A nice product that I use for my Visor (or any PalmOS based PDA) is SplashID. It can have a numeric keypad (for numeric only passwords) to enable you to quickly tap in a PIN to access all your passwords.
Since I carry my PDA with me at all times, somebody has to pry/steal it off me first before they can get my passwords (they have to crack the my passphrase also). At least you have another level of security (compared to a piece of paper) and you're less likely to lose your PDA. The other benefit is that on a PDA, it's easy to organize and search from hundreds of different passwords.
The downside to this is that having all your eggs in one basket. If your PDA is stolen, if somebody can does brute force methods to get your password, all your passwords will be compromised.
That being said, if you have a backup and your PDA does get stolen and you are worried, you could restore your back up to another PDA and quickly change all the passwords before that person has a chance to log in to any compromised accounts.