Re: dropbox security situation
On Mon, 09 Dec 2019 16:31:35 +0100
Jonas Smedegaard <jonas@jones.dk> wrote:
> Quoting Charles Curley (2019-12-09 15:56:26)
> > On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
> > <l0f4r0@tuta.io> wrote:
> >
> > > Usual advice : use strong passwords (i.e. long enough with high
> > > entropy => generated&stored in a dedicated password manager) AND 1
> > > different per service, never the same.
> >
> > There is a handy password generator available on Debian, called APG
> > (Automated Password Generator), which will generate passwords for you.
> > The default settings yield a fairly strong password, but you can modify
> > those to make the results even stronger.
>
> I dislike APG because it generates passwords difficult to remember -
> without aiding in how to deal with that, which has a high risk of
> passwords getting stored on physical notes in the top drawer...
I use 'pwgen', whose manpage begins thus:
*****
The pwgen program generates passwords which are designed to be easily
memorized by humans, while being as secure as possible. Human-memorable
passwords are never going to be as secure as completely random
passwords. In particular, passwords generated by
pwgen without the -s option should not be used in places where the
password could be attacked via an off-line brute-force attack. On the
other hand, completely randomly generated passwords have a tendency to
be written down, and are subject to being compromised in that fashion.
*****
Although I almost always use it with its --secure option, since I
don't try to memorize passwords, but instead record them (in a plain
text file) - who can remember hundreds of passwords?
> For strong yet rememberable passwords, I recommend this:
>
> xkcdpass
>
> More information: https://lwn.net/Articles/713806/
>
> (yes, above article also references the XKCD cartoon!)
>
> For non-rememberable passwords, I recommend this:
>
> pass
>
> More information: https://lwn.net/Articles/714473/
I suppose that this is just a better, more scalable / manageable
version of what I'm doing by hand - generating secure passwords and
recording them to disk. I'm going to look into it.
Celejar