Is there a USB fingerprint scanner/reader I could use to encrypt my hdd?

Oh, that would actually work aswell I didnt even know this existed. Thanks!

fingerprints aren't meant to be passwords they're meant to be usernames

why does no one understand this reee

Sorry I actually dont know anything about fingerprints and how theyre used in devices. Just came up with the idea

That would mean you would have to set it up in such a way that it unencrypts/encrypts your hard drive for another key to be generated with each thumb scan. Absolutely not worth it.

Do what I do and memorize the key or find a really sneaky spot to put the key, say on a piece of paper, and stow it away behind a picture frame or bury it outside.

And btw, would a u2f key work with Veracrypt or other popular software? Just want to make sure before I buy one

no i meant every device and application uses them as passwords which is fucking stupid for a fingerprint

a fingerprint should be like an username, to recognize the owner or the user, not as a fucking password to grant access

... You're very confused user. Okay so the way passwords work is each time you decrypt the drive you take some string, and you generate a key with it and if the password was correct the key is the key that unlocks the drive. What user wants to do is use his fingerprint as a password

Dumbest fucking idea. The government already has your fingerprints.

Well yes, when I got my ID made, they asked me if I wanted to give them my fingerprints too. I thought that would be a good idea in case I got accused of a crime I didn't do. But I live in Germanistan so Im not that worried about it. Nothing really happens here and I really could care less if the government uses my data for anything

Well guys, would a u2f key work to encrypt my HDD with VeraCrypt or something similar?

If the full disk encryption happens before the kernel is fully loaded it would probably take some hacking to get this to work. Not sure if you could load the module containing drivers prior to that or not.

I dont want to encrypt my OS drive, I want to encrypt another harddrive with confidential data

Let's put it in simple terms:

>Convenience
>Good security.
Pick one and only one.

Just learn how to create good strong passwords and be done with it.
Shit like "buysog80y230y7qeqwqw{{{weay" is not a good password.
"I kicked George Bush in all of his 15 million hyper ultra gigadicks" is.

BIOMETRICS. ARE. SHIT. SECURITY.

What do you need to secure it from? Just parents? Put on a password on OS or BIOS and you are good to go.
Im pretty sure they won't disconnect your HDD or reset CMOS

mostly paranoia

forgot to add: I dont care if my parents find anything, Im a bit more concerned about the government. I'd just feel a bit safer

If you want real security from gov I suggest only using FOSS and complex passwords

Not if you use your cock tip and dont tell anyone thats the code

>Just learn how to create good strong passwords and be done with it.
>Shit like "buysog80y230y7qeqwqw{{{weay" is not a good password.
>"I kicked George Bush in all of his 15 million hyper ultra gigadicks" is.
wrong

ok thanks for that valuble input

Well I use my windows partition to play gaymes, so no FOSS there but I do have my linux partition which I use whenever I dont want to play gaymes and I only use FOSS there. Most of my passwords are complex too.
I just don't feel save enough to encrypt my hdd with a 20 character password, not sure why

Haven't seen a convenient solution for keepass, I doubt there's one for veracrypt. Interested too in OPs question, finger print unlock is nice but doesn't work everywhere

A dictionary attack will beat that in no time.

I actually am OP, I looked into the physical keys and if you want to use one for VeraCrypt, you'd have to use one that costs like $50. The $20 u2f only key can only be used for a couple of websites.

>Shit like "buysog80y230y7qeqwqw{{{weay" is not a good password.
>"I kicked George Bush in all of his 15 million hyper ultra gigadicks" is.

>Making your password out of a string of English words instead of 30 randomly assorted letters, numbers, and symbols is better security/strength wise

Do you know what a dictionary attack is?

Use a magnetic stripe or RFID card

Retard alert

ASSUMING that the thirteen words are randomly picked out of a 50000 word dictionary, isn't that 200 bits of entropy?

Have fun login in to your account in public

an RFID card would be a bit too much, I need something simple, small and if possible cheap. Id have to get an RFID card reader aswell which is probably like $50 if not more so Id be better off just buying the $50 Yubikey which I could use for encryption

The thing about biometrics is that there's no changing that same biometric once compromised.

Do you carry your computer around in public? I dont think so. If you read the thread you'd know this isn't supposed to be for notebook use

I do carry my computer around in public. And it must be sad living alone.

You're all fucking morons.
A evil terrorist hacker trying to steal your account has ZERO CLUE about your password structure.
They cannot make ANY assumptions about it.

Do you know how many common English words there are?
No dictionary attack will get that password any time soon. You are retarded if you think so.
60 random digits have less entropy than 20 random words, even the most common English words. (within reason, of course there are people stupid enough to use "itititititi" as passwords...)
There's 10k+ common English words expected to be used in passwords.
The word "gigadicks" isn't even a fucking English word. That word alone breaks every dictionary attack, period, never mind the rest of the obtuse sentence!
Unless someone is reading the thread, in which case they will add the SI prefixes to their heuristics.
Not that it matters, because the searchspace for that password is UNIVERSE-ENDING long.

cool

>>>/facebook/

>"terrorist hacker"

why the fuck would a terrorist would want to get in your account?

There's no /facebook/ board, loser

>implying their "dictionaries" only consist of real words

What? >>>/reddit/

There's no /reddit/ board either, numbnuts

>Leaving your home with computer is too normie for this board

>Lol u gaiz, u cant speed up cracking w/ dictionaries & letter prediction.
>u hav to iterate all binary sequences

Jesus christ.

A dictionary will beat it because a dictionary attacker can SEE it.
If they can't see it, they cannot possibly know it is X words long, has a number, has a non-standard English word.
Stop using your knowledge and applying it to someone that doesn't have that knowledge.
The curse of knowledge is the biggest reason security issues occur.

Prove it.
Brute-force that password without knowledge of it.
Go through EVERY SINGLE iteration of standard English until you get that sentence.
I'll be waiting several quadrillion years.

Do you?

gb2/lastpass/, Brainlet.

>joke

>your head
Shit man, what's wrong with you? How did you not see that very basic joke?

Heuristics and randomly scraped words from websites still can't beat the ingenuity of retarded made-up words on the spot.
Flerbooble. Done.
I don't think there is a single friend group on this planet that hasn't come up with some stupid shit word only they know and use in unfunny in-jokes.
The instant you use any non-standard word, dictionary attacks fail 100% of the time.
They HAVE to fall back to basic brute-forcing because they cannot make assumptions about the password without knowing it already.
Dictionary attacks work against well-known quotes and phrases, not garbage sentences, they are as garbage as 30 random symbols are.

give it back jamal

...

>Unfunny in-jokes
My injokes are funny as shit you obby-obby

Can I ask how you keep these organized? Obviously the diceware method makes individual passwords easier to remember but with even 5 different passwords you must store them somewhere, right?

Predicting?
Predicting what?
Gmail gives you an accurate per-letter feedback of what letters you got wrong in your password?
Well that's news to me.
OH WAIT, NO SITE IN HISTORY HAS DONE THAT.
You fucking mong.

Alright then, you fucking genius you.
I made a 20 word password.
It has one 2-digit number.
It has one nonsense word.
Where is the number?
Where is the nonsense word?
Exactly. You don't have a clue.
If you don't have a clue, you can't make a single assumption.

>b-b-b-but he can just brute force all the positions for the number and nonsense word ya idiot!
Yeah, meanwhile at 12 quadrillion AD when it doesn't matter.
The search-space for 10k unique words across 20 words is fuckhuge.
You are really underestimating how many combinations of words they need to go through.
There isn't even that many fucking Unicode characters that work in valid passwords for most sites, services and program fields.
To even have a chance you'd need to have a computer the size of a fucking solar system operating at FTL speeds. And even that might take half the universe to brute-force.

Words ARE easy, but the sheer number of them is vastly overwhelming next to the puny Unicode character list.

Shut up yo-you obagiss.

here is a nice video explaining why you are 100% wrong and also stupid

youtube.com/watch?v=7U-RbOKanYs

>I have no argument
>listen to this idiot on youtube explain why I'm still correct
kys

Nope. I just remember them.
It's not really that hard.
And this is coming from someone that had a shit-tier memory when I was young.
I just got gud.
All unique too. Well, besides some shit throwaway sites I don't care for, or those ones with small password fields.

Associating such a silly password with a service is fairly easy if you make the password related in some way too.

The fact you linked computerphile firstly tells me you are a retard and don't actually understand anything about cryptography.
Secondly, you don't even understand that video despite it being explained so plainly.

See tl;dr The search-space for a large sentence is larger than all the unicode character-set in total.

If your hashed password gets out, it doesn't matter how secure your password is, it is how secure the encryption and hashing was from the service provider.
Even if you used a trillion characters, it an get hashed to 20 characters and you are fucked.

>ha ha he is so dumb, 40 billion hashes a second, your password status: BTFO

The sad thing is you think 40 billion is high. kek

>t. butthurt pajeet completely missing the point of password cracking
>"my password is good so password cracking doesnt work"
>sperging out to save face after being proved wrong over and over again

maybe you should take a break from the old Sup Forums, you cant seem to take the heat. i suggest reading up a bit on password cracking though, you're clearly not getting the point

>I'm so knowledgable after the 15 minutes video I linked earlier
>btfo
lmao you're gay af

>you dont understand the video
>it clearly says that cracking passwords with a dictionary attack is more than feasible

i dont even understand how you can be so retarded, are you just making up your own little world as you go

>cracking hashes == cracking passwords

You are so dumb it hurts.
ANY password scheme is useless if a weakly hashed DB gets leaked.
But it won't directly reveal the password even with a weak hash. They are many -> one operations. (One hash can represent multiple things.)
This is why they are doing the dictionary attack against it.

The dictionary attack against it is giving direct feedback that it failed or succeeded.
Try use that brute force against Facebook, see what happens.
Good luck trying your 40 billion a second cracker on that lmao
No password system I've ever heard of has given direct feedback on incorrect passwords, it just says "lol wrong, you dumb cunt"
Most even say the email/account might be wrong for added security.
So it is a case of being unlucky as fuck if a DB gets leaked. No amount of passwords will protect you. This is why 2FA and even 3FA is a thing.

But you still seem to think 40 billion hashes is good.
Protip: we are at SI prefixes you've never even heard of / second required.
These things need to be represented in Knuth notation

>not having a thinkpad with fingerprint reader
kys trash

holy shit how fucking stupid are you, the point is that you run the password cracker against the hashes to see if you get the same hash, not just plug them into facebook

i cant believe you need to have this explained to you

So you have Facebooks database, right?
Exactly, cunt.

As I said:
>So it is a case of being unlucky as fuck if a DB gets leaked. No amount of passwords will protect you. This is why 2FA and even 3FA is a thing.
Learn to read.

Id love to have one but I simply cant spend money on that right now

>he thinks facebook stores its passwords in a database

do i really need to go over the concept of hashing with you? this is just getting absurd

???????????????????????
You don't have $200 to get a thinkpad?
K Y S
Y
S

You're either really dumb or trolling.
They store the hashes.

You have the DB, right?
I remember it was passed around on TPB a year back, everyone that's anyone has a copy.

>has everything he needs to do a dictionary attack
>still cant do it

this is the state of ameriburger computer education

Uhm I do but I just dont want to spend it because I already have a notebook (which I could sell I guess but I dont want to go through the hassle) and I could buy better things with the money

0/10, you failed bub.

>0/10
>strung you along for several long-winded autistic meltdown posts
>jokes on you i was only pretending

stay mad pajeet

>autistic meltdowns
>sitting watching a video with friends on Mumble and laughing.

gg you win champ
Daddy is proud kek

>still getting (Yous) in the post-troll phase

I'm a generous man.
I like helping the mentally disabled enjoy taking part.

ok im done its like 1 o clock here goodnight lad

Night toad.

>be retarded
>get called out for being retarded
>pretend you were being retarded all along
classic

Be gentle, he is too busy being raped by Arabs.

Why not a human fingerprint
Then a one time pass or a hardware key?

>I don't know how dictionary attacks work
Seriously, do you faggots really think it's as simple as grabbing random words and joining them until one matches? lmao

Yeah, cry when they get you.