![]() I installed Duplicacy-web via installer and copied the following, before first run:Īnything else I can do? I then started Duplicacy - but the web interface says “Please enter the password to encrypt/decrypt the passwords/credentials stored in the configuration file.” Is there a way I can easily Migrate Duplicacy to the new Windows? If there’s no registry stuff, my preferred way to do it is copying application settings as in “%appdata%”, or whereever applications store their data, from the old storage device to the new one. The reason it is very slow is because it is designed to be slow, which means that an attacker could not make it go faster if he wanted to.Īs a result, someone stealing your Password Manager database would still result in your passwords being safe, as long as you used a strong passphrase when setting it up.Now I am finding the time to finally migrate to Windows 10, a lot of work to do, maaaany applications to be installed and reconfigured again. What it actually does is decrypt your Data Encryption Key, and this is done with a very, VERY slow function. The Key Encryption Key is the password you use to "unlock" your Password Manager. An attacker could buy all the computers there are in the world and start guessing keys, they would never find it. This is generally believed to be impossible within the lifespan of your universe. In order to make use of the data, an attacker would need to do one of two things: It is indistinguishable from a random sequence of zeroes and ones. If an attacker steals the data of your password manager, that data alone is useless. They are encrypted with a strong key (called "Data Encryption Key", or "DEK" for short), which again is protected by your password that you remember (the "Key Encryption Key", or "KEK"). When you store your password in a password manager, the passwords are not stored in plain text. ![]() If you are interested in the technical aspects as well, I will explain them as simple as I can. Simply put, you have no disadvantage of using a password manager, and you only put yourself at risk if you do not follow this advice. You claimed that you did not have any technical expertise and did not want to be bothered with answers you would not understand, so I will not bother you with cryptography. I am not looking for a technical answer that I wouldn't be able to understand. ![]() PS: keep in my that I don't know anything about cyber security, encryption, or anything like that. The worst that could happen if someone were to get access to the text file is that he posts stupid questions online under my name :D …something I don't think professional hackers usually do.įurthermore, in order to access the text file containing the passwords, you would need to get into my dropbox (which is protected by a strong password + two-factor authentication), get into my mac (which is protected by a strong password), or access my hard disk (which is encrypted through FileVault).Īlso, if someone breaks into my mac they are gonna have access to the passwords kept in safari anyway. The text file would only include passwords for less important websites and services. So it's not like I am devising a system that needs to keep my most prized assets. I try to be as minimalist as possible even in my online life.įirstly, all the passwords for my core services (gmail, apple id, bank, dropbox) are long, random, and only stored offline in my brain + I use two-factor authentication on all of them. Also I don't want to use any third party services, free or otherwise, just to store my passwords. I want to be platform-independent as much as possible (currently, my passwords are stored in Safari's integrated password manager). ![]() Storing my passwords in a text file kept on Dropbox and accessed through a python script to quickly retrieve the password for the site I want to access. ![]()
0 Comments
Leave a Reply. |