Password managers

Originally Posted by Ripper
Asymmetric encryption is also known as public key encryption. This means that different keys are used for encrypting and decrypting the message. This is useful, for example, for encrypted email exchange. You can make public the encryption key, so anyone can send you an encrypted message, but you keep the decryption key to yourself, so only you can decrypt the messages. This is used extensively on the internet.

Symmetric encryption means that the same key is used for encryption and decryption. This is typically used for encrypting data on your own computer, where only you need to know the key. Bitlocker on windows works this way.

Because of the different ways they work, they use different algorithms and different types of complex mathematical problems to make the data extremely hard to decrypt without the key.

Although we don't have practical quantum computers yet, we know how quantum computer science must work, and people have been working on the maths for decades. We know that quantum computers will be extremely fast at calculating the types of problem used by asymmetric encryption, and will likely be able to break some of it. They are not as good at solving the problems used by symmetric encryption, and if the symmetric encryption is complex enough, there no known way that any computer could break it without taking billions of years and astronomical amounts of energy.

Thanks

Originally Posted by Ripper
Asymmetric encryption is also known as public key encryption. This means that different keys are used for encrypting and decrypting the message. This is useful, for example, for encrypted email exchange. You can make public the encryption key, so anyone can send you an encrypted message, but you keep the decryption key to yourself, so only you can decrypt the messages. This is used extensively on the internet.

Symmetric encryption means that the same key is used for encryption and decryption. This is typically used for encrypting data on your own computer, where only you need to know the key. Bitlocker on windows works this way.

Because of the different ways they work, they use different algorithms and different types of complex mathematical problems to make the data extremely hard to decrypt without the key.

Although we don't have practical quantum computers yet, we know how quantum computer science must work, and people have been working on the maths for decades. We know that quantum computers will be extremely fast at calculating the types of problem used by asymmetric encryption, and will likely be able to break some of it. They are not as good at solving the problems used by symmetric encryption, and if the symmetric encryption is complex enough, there no known way that any computer could break it without taking billions of years and astronomical amounts of energy.

We do actually have a "practical quantum computer", well at least it is practical for solving certain kind of problems not easily solvable by normal computers, for example Lockheed Martin is using it. Check out D-wave systems: http://www.dwavesys.com/

I am just waiting for their IPO, I'd really like to get my hands on their stocks.

The D wave is controversial, and the jury's out on whether it's a "true" quantum computer.

It uses quantum annealing to do very limited set of things, and is not a computer in the normal sense.

Said one physicist:
"Just because [their chips] are quantum, that doesn’t make them a quantum computer," says Kuperberg. "That's like saying that any invention that is influenced by air must be an airplane. Of course, it's not true; it might instead be bagpipes."

http://www.theverge.com/2016/9/28/13…000-qubit-chip

The problem with current reports on methods to break encryption (quantum or otherwise) is that you can guess that China, Russia, America (NSA), … have a lot of stuff not yet seen. That doesn't mean that general quantum computers ahve been created but then again they aren't trying to solve general problems; just a very narrow one. If you couple this with 10+ years vulnerabilities in ssl layer (not generally known and a few inserted or mandated by govt) discovered in the past 18 months you have to suspect that there are quite a few unknown to the general population but known to specific individual vulnerabilities in the tools and methods used for encryption.
-
The end result is (imho) pick extra long keys keep up with technology and over time update as technology chanages. Btw 256Kb is a pretty weak key these days for asymetric encryption.

Originally Posted by you
The problem with current reports on methods to break encryption (quantum or otherwise) is that you can guess that China, Russia, America (NSA), … have a lot of stuff not yet seen. That doesn't mean that general quantum computers ahve been created but then again they aren't trying to solve general problems; just a very narrow one.

I tend not to be too moved by the argument that the limits of our knowledge could be undermined by the possibility of what some party might have discovered in secret. We could put that asterisk after anything we currently understand to be true. For example, I would say that matter cannot be accelerated to the speed of light, but, we could always add the asterisk that the Russians or Area 51 might secretly have found ways to invalidate that law.

When it comes to the limits of computing hard problems, there are similar fundamental barriers. If we could take the limits off our ability to process information, we would break down the limits of what we understand to be reality, in the same way we would if we could break the speed of light. Here is a quote from a physics lecture that sums up quite well the implications of taking the fundamental limits off our ability to compute.

"What's the problem with being able to solve NP-complete problems in polynomial time? Oy, if by the end of this class you still don't think that's a problem, I will have failed you…

Seriously, of course we don't know whether NP-complete problems are efficiently solvable in the physical world. But in a survey I wrote a couple years ago, I explained why the ability to solve NP-complete problems would give us "godlike" powers -- arguably, even more so than the ability to transmit superluminal signals or reverse the Second Law of Thermodynamics. The basic point is that, when we talk about NP-complete problems, we're not just talking about scheduling airline flights (or for that matter, breaking the RSA cryptosystem). We're talking about automating insight: proving the Riemann Hypothesis, modeling the stock market, seeing whatever patterns or chains of logical deduction are there in the world to be seen.

So, suppose I maintain the working hypothesis that NP-complete problems are not efficiently solvable by physical means, and that if a theory suggests otherwise, more likely than not that indicates a problem with the theory. Then there are only two possibilities: either I'm right, or else I'm a god! And either one sounds pretty good to me…" Scott Aaronson.

Now, we can't be quite that absolute about encryption algorithms. The reasons being, we haven't proved how hard they are, and that they rely upon multiple complex logical procedures, so there's always the possibility that there could be an error in the implementation that allows a shortcut past the essential hard maths problem. But, it's also quite possible there is no such weakness. So, the key point I'm driving at is that it's a mistake to assume that strong encryption is likely to be broken eventually, by the march of progress. I think the correct statement is that it is always possible that a strong encryption algorithm could contain a weakness that allows it to be broken, but that it is by no means inevitable, and there is no feasible known way to do it.

Originally Posted by you
If you couple this with 10+ years vulnerabilities in ssl layer (not generally known and a few inserted or mandated by govt) discovered in the past 18 months you have to suspect that there are quite a few unknown to the general population but known to specific individual vulnerabilities in the tools and methods used for encryption.

SSL is a software solution that makes use of asymmetric encryption. There have been weaknesses found in that code, but that doesn't necessarily imply a weakness in the fundamental encryption; if asymmetric encryption is broken (and it looks like it might be eventually) then SSL is broken, but if SSL is broken, that doesn't necessarily mean the underlying encryption is broken. What I would say is that, with asymmetric encryption, we know how it could be broken within the realms of reasonable physics. So, in that particular case, it's not unreasonable to suggest that some powerful agency is further along with that engineering than we might know, and it's fair to doubt its security.

Originally Posted by you
The end result is (imho) pick extra long keys keep up with technology and over time update as technology chanages. Btw 256Kb is a pretty weak key these days for asymetric encryption.

As I mentioned before, asymmetric and symmetric encryption are completely different animals. 256bit would be weak for asymmetric encryption, but it is so astronomically strong for symmetric encryption that that there is no stronger implementation of AES currently available.

Disclaimer: if anyone can't be arsed with that text wall, this gif may be suitable.

Originally Posted by Ripper
The D wave is controversial, and the jury's out on whether it's a "true" quantum computer.

It uses quantum annealing to do very limited set of things, and is not a computer in the normal sense.

Said one physicist:
"Just because [their chips] are quantum, that doesn’t make them a quantum computer," says Kuperberg. "That's like saying that any invention that is influenced by air must be an airplane. Of course, it's not true; it might instead be bagpipes."

http://www.theverge.com/2016/9/28/13…000-qubit-chip

While I do agree with you that there is still a long way to go, I think it is a little bit unfair to not call it a quantum computer, basically we'd probably not call the first normal "computer" created a computer today either in that case.

There are certain problems which this quantum annealing "machine" can solve a lot faster than a traditional computer, and that alone is according to me enough to give it credit. The company Lockheed Martin has already bought 3 D-Wave systems, and they'll buy the new one too, they aren't spending 10's of millions of $'s on these machines for nothing, here is a quite from them ""Through our continued investment in D-Wave technology, we are able to push the boundaries of quantum computing and apply the latest technologies to address the real-world problems being faced by our customers.” "

Originally Posted by GothicGothicness
While I do agree with you that there is still a long way to go, I think it is a little bit unfair to not call it a quantum computer, basically we'd probably not call the first normal "computer" created a computer today either in that case.

There are certain problems which this quantum annealing "machine" can solve a lot faster than a traditional computer, and that alone is according to me enough to give it credit. The company Lockheed Martin has already bought 3 D-Wave systems, and they'll buy the new one too, they aren't spending 10's of millions of $'s on these machines for nothing, here is a quite from them ""Through our continued investment in D-Wave technology, we are able to push the boundaries of quantum computing and apply the latest technologies to address the real-world problems being faced by our customers.” "

It depends on your definition of a computer. If you mean it in a casual sense, as in a machine that does calculations, then you could choose to call it a computer. But, in a computer science sense, a computer has to meet certain criteria - being Turing-complete, generally programmable, etc. The Dwave doesn't meet those criteria. It cannot perform any of the quantum algorithms we mentioned, and it has no potential to do so. It is better to think of it as a limited calculating machine, making use of certain quantum effects.

It makes sense that Lockheed, Google and NASA have invested in these machines - they use them to further their own research, and they see the future potential. But that doesn't mean they are performing tasks of practical use, yet. It hasn't even been established yet that they can do anything of practical use faster than classical computers. Even in the Google reaserch article that Dwave uses for promotion, this is made clear:

While these results are intriguing and very encouraging, there is more work ahead to turn quantum enhanced optimization into a practical technology. The design of next generation annealers must facilitate the embedding of problems of practical relevance.

At this stage it's just about research and proof of concepts. If and when Lockheed has a quantum computer that is practically useful for solving engineering problems, that really would be front page news. As far as I know, they have not yet demonstrated a problem that can't be solved faster with a classical computer.

Originally Posted by Ripper
It depends on your definition of a computer. If you mean it in a casual sense, as in a machine that does calculations, then you could choose to call it a computer. But, in a computer science sense, a computer has to meet certain criteria - being Turing-complete, generally programmable, etc. The Dwave doesn't meet those criteria. It cannot perform any of the quantum algorithms we mentioned, and it has no potential to do so. It is better to think of it as a limited calculating machine, making use of certain quantum effects.

It makes sense that Lockheed, Google and NASA have invested in these machines - they use them to further their own research, and they see the future potential. But that doesn't mean they are performing tasks of practical use, yet. It hasn't even been established yet that they can do anything of practical use faster than classical computers. Even in the Google reaserch article that Dwave uses for promotion, this is made clear:



At this stage it's just about research and proof of concepts. If and when Lockheed has a quantum computer that is practically useful for solving engineering problems, that really would be front page news. As far as I know, they have not yet demonstrated a problem that can't be solved faster with a classical computer.

Well, if companies like Google and NASA is calling it a quantum computer, I don't feel bad for doing so as well, as I am in good company.

As for being practically applicable already now, it can be but only in a hybrid way right now, which means the quantum computer does what it is good at, but passes other parts to a traditional computer to do the heavy lifting. I think it has already produced a more optimal Water Network Optimization for a few cities. As well as some wind and height simulations for lockheed, it might of course be partly bragging as they might not have put a real powerful traditional computer on these problems. Since the presentation event I viewed was sponsored by Dwave.

Regarding performance or such, this is the most interesting research done so far as I know: https://arxiv.org/abs/1512.02206 , after you've read that I think you might have higher hopes of it's potential than you have today. Especially considering the new D-Wave with 2000 qubits is stated as at least 1000 times faster than the old one, as well as many other optimization and practical improvements.

The thing to remember about quantum computers is that with regards to encryption it does not have to be generic; it only needs to solve one problem efficiently. The scarry part will be when (or if) such a beast exist.

I have over 50 passwords in my password manager. All unique and 20 characters long. There is no way that I can remember those myself, without resorting to methods that are most likely known to hackers as well.
Quantum computers are not needed to break most of the passwords as many people use passwords with names or existing words in them and tend to reuse the passwords a lot. They also use methods like a base password and adding something related to the site they log in to, which, once broken, wouldn't be too hard to figure out on other sites as well.
I really don't see that remembering those passwords myself will be safer than using a decent password manager that requires both a password and key file in order to be able to access all my passwords. That one complicated password, I can remember.

Perhaps this should be a new thread soon, but since we already had the discussion here just a note how D-Wave is really making a wave now and more and more companies are using their computers, for example volkswagen. The Quantum is coming

https://www.volkswagenag.com/en/news…ntum-leap.html

Interesting thread, theres some valuable information here. Adding on to your points, there are some good password managers to check out

Overall, I like using password generators so that I have strong passwords, and then combining that with a good password manager so that I don't forget them is ideal.

I've used Roboform for years.

https://www.roboform.com/

It's very convenient, generates as complex passwords as you might desire, and can be customized in several ways. It attaches to most browsers and also is online for when you might need it at a computer say at the library or somewhere you might not have your computer with you. It also has great apps, both for android and apple phones. I have it on my windows laptop (which is my main computer, as I don't own or want desktops any more), my apple ipod touch, and my android smartphone, and it works beautifully on all of them.

You can also store "safe-notes" on it as well, not just passwords. Safe notes are basically notes that you can make about anything you want that you want to keep safe and confidential.

Originally Posted by Ripper
Disclaimer: if anyone can't be arsed with that text wall, this gif may be suitable.

I'm stealing that gif.

Another KeePass2 user here. Have used it at work for quite some time and only recently introduced it at home as well.