Re: dropbox security situation

To: debian-user@lists.debian.org
Subject: Re: dropbox security situation
From: Celejar <celejar@gmail.com>
Date: Mon, 9 Dec 2019 14:10:56 -0500
Message-id: <[🔎] 20191209141056.e4a10fc07fd13b58206dba9e@gmail.com>
In-reply-to: <[🔎] 157590549515.966557.13274790693691709138@auryn.jones.dk>
References: <[🔎] alpine.NEB.2.21.1912071158190.26808@panix1.panix.com> <[🔎] 07122019203529.4a2ba73a3549@desktop.copernicus.org.uk> <[🔎] alpine.NEB.2.21.1912071643220.12775@panix1.panix.com> <[🔎] 07122019220045.e913ec2b4cb4@desktop.copernicus.org.uk> <[🔎] alpine.NEB.2.21.1912071819060.3711@panix1.panix.com> <[🔎] 87immrdj4p.fsf@dhh.gt.org> <[🔎] LvadeHz--3-1@tuta.io> <[🔎] 20191209075626.518058c3@jhegaala.localdomain> <[🔎] 157590549515.966557.13274790693691709138@auryn.jones.dk>

On Mon, 09 Dec 2019 16:31:35 +0100
Jonas Smedegaard <jonas@jones.dk> wrote:

> Quoting Charles Curley (2019-12-09 15:56:26)
> > On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
> > <l0f4r0@tuta.io> wrote:
> > 
> > > Usual advice : use strong passwords (i.e. long enough with high
> > > entropy => generated&stored in a dedicated password manager) AND 1
> > > different per service, never the same.
> > 
> > There is a handy password generator available on Debian, called APG
> > (Automated Password Generator), which will generate passwords for you.
> > The default settings yield a fairly strong password, but you can modify
> > those to make the results even stronger.
> 
> I dislike APG because it generates passwords difficult to remember - 
> without aiding in how to deal with that, which has a high risk of 
> passwords getting stored on physical notes in the top drawer...

I use 'pwgen', whose manpage begins thus:

*****
The  pwgen program generates passwords which are designed to be easily
memorized by humans, while being as secure as possible.  Human-memo‐
rable passwords are never going to be as secure as completely
completely random passwords.  In particular,  passwords  generated  by
pwgen without  the -s option should not be used in places where the
password could be attacked via an off-line brute-force attack.   On the
other hand, completely randomly generated  passwords have a tendency to
be written down, and are subject to being compromised in that fashion.
*****

Although I almost always use it with its --secure option, since I
don't try to memorize passwords, but instead record them (in a plain
text file) - who can remember hundreds of passwords?

> For strong yet rememberable passwords, I recommend this:
> 
>   xkcdpass
> 
> More information: https://lwn.net/Articles/713806/
> 
> (yes, above aricle also references the XKCD cartoon!)
> 
> For non-rememberable passwords, I recommend this:
> 
>   pass
> 
> More information: https://lwn.net/Articles/714473/

I suppose that this is just a better, more scalable / manageable
version of what I'm doing by hand - generating secure passwords and
recording them to disk. I'm going to look into it.

Celejar

Reply to:

Follow-Ups:
- Re: dropbox security situation
  - From: Brian <ad44@cityscape.co.uk>

References:
- dropbox security situation
  - From: Jude DaShiell <jdashiel@panix.com>
- Re: dropbox security situation
  - From: Brian <ad44@cityscape.co.uk>
- Re: dropbox security situation
  - From: Jude DaShiell <jdashiel@panix.com>
- Re: dropbox security situation
  - From: Brian <ad44@cityscape.co.uk>
- Re: dropbox security situation
  - From: Jude DaShiell <jdashiel@panix.com>
- Re: dropbox security situation
  - From: John Hasler <jhasler@newsguy.com>
- Re: dropbox security situation
  - From: <l0f4r0@tuta.io>
- Re: dropbox security situation
  - From: Charles Curley <charlescurley@charlescurley.com>
- Re: dropbox security situation
  - From: Jonas Smedegaard <jonas@jones.dk>

Prev by Date: Re: [OT] Google security
Next by Date: Re: dropbox security situation
Previous by thread: Re: dropbox security situation
Next by thread: Re: dropbox security situation
Index(es):
- Date
- Thread