Skip to main content
Information Security

Questions tagged [passphrase]

Ask Question

A passphrase is a longer password that typically consists of multiple words.

132 questions
Newest Active Bountied Unanswered
1 vote
1 answer
145 views

Hide password from server

I’m a beginner in cryptography and for my first project I use the client’s password to encrypt some data. More specifically, I use the password as passphrase in RSA private key generation). However, I ...
yolooow's user avatar
yolooow
  • 25
0 votes
0 answers
20 views

Relation between plain text and encrypted in URL [duplicate]

There are several plain text and encrypted text like: Plain text Encrypted text 10101004535 7Za9kHM9OH6tKTrtxy86gw== 10860586924 /nwjXW3MYkcATRS5Xyjx/A== 10480090635 /F0D9ePZffTIiH/P8mK+kw== ...
user23773373's user avatar
user23773373
  • 1
1 vote
0 answers
107 views

Windows decrypting TC volume without passphrase?

I remember having read a blog post or a forum post, some years ago, about a TrueCrypt user whose Windows machine sometimes, at boot, did not ask for the TC passphrase and decrypted automatically the ...
dr_'s user avatar
dr_
  • 5,208
0 votes
3 answers
209 views

How to analyze the security of a custom passphrase?

Let's assume person A chooses 15 words for a passphrase with an average length of 5. The passphrase meets following conditions. Word conditions: The first word is not a valid word and can't be found ...
127 001's user avatar
127 001
  • 56
1 vote
1 answer
160 views

ssh server encrypted key vs password login [duplicate]

In an openssh-server login to a GNU/Linux machine to use a private ssh key encrypted with an N-characters passphrase, then sshd_config: PasswordAuthentication no PubkeyAuthentication yes is it ...
stefd's user avatar
stefd
  • 121
2 votes
1 answer
291 views

Static RAM: Detecting presence and wiping?

As I understand from reading another question here, SRAM may be more dangerous than traditional volatile RAM in terms of storing passwords and other sensitive information. I know that when a computer ...
Albert's user avatar
Albert
  • 39
0 votes
0 answers
319 views

GPG passphrase in the cache as a hash?

I understand that nowadays passwords are not stored in plaintext, only as password + salt and hashed (minimum). But I haven't found any exact confirmation that gpg does NOT store (cache, place in RAM) ...
NewLinux's user avatar
NewLinux
  • 695
29 votes
6 answers
7k views

Is it insecure to display the number of characters when users enter a new passphrase?

When users are entering a new passphrase somewhere, it's helpful to provide feedback on the number of characters received by the system. In a user experience (UX) test I just ran, my user created a ...
colan's user avatar
colan
  • 399
-2 votes
2 answers
2k views

Why should we only keep the private key secret, why not the public key? [duplicate]

If I am not wrong, both private key and public key are the same since communication is possible only if both keys are matching. So, why we should only keep the private key secret, why not public key? ...
Sann's user avatar
Sann
  • 43
0 votes
1 answer
156 views

Does knowing part of a passphrase for sure really mean that you can "disregard" that entire part when trying to crack it?

Alice bought 1 Bitcoin and encrypted her wallet.dat in Bitcoin Core. Samantha, Alice's friend, notices the Bitcoin price skyrocketing and, while Alice is in the bathroom, steals Alice's wallet.dat as ...
H H's user avatar
H H
  • 1
2 votes
1 answer
168 views

How can the passphrase matter besides the very most obvious patterns? [duplicate]

Let's say that my passphrase is: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaapassword9 Yes, it looks ridiculous. But only because we already know it. An attacker, trying to brute-force their way into this ...
S. Kearns's user avatar
S. Kearns
  • 21
3 votes
2 answers
451 views

How secure is the getapassphrase.com approach to password generation?

getapassphrase.com is a website that generates passphrases. The user sets a complexity in bits, and the site spits out results like: liberal panda and ill asp decline young suit in Kansas or rowdy ...
Drubbels's user avatar
Drubbels
  • 133
12 votes
3 answers
3k views

Diceware as a passphrase for online accounts

I'm reading about Diceware and cryptography in general and I know how secure Diceware can be. I stumble upon this part on The Intercept about Diceware and it says: "You don’t so much need them ...
ronfc's user avatar
ronfc
  • 121
8 votes
2 answers
359 views

Randomly selected words converted into sentence. Did I lose passphrase strength or gain it?

I got 5 dice and opened EFF's wordlist, and generated a random five-word passphrase (all letters small with spaces, no punctuation) for my PC. The words were making up a meaningful scene in my mind, ...
user's user avatar
user
  • 275
0 votes
2 answers
642 views

openssl, recover passphrase with encrypted and not encrypted file

Some of my colleague give me 2 file of private key (one is encrypted and the other is decrypted) and a passphrase. But it seems that is the wrong passphrase. Is it even possible to recover the pass ...
bizard's user avatar
bizard
  • 3

15 30 50 per page
1
2 3 4 5
9