Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936
On Mon, Nov 10, 2014 at 10:19 AM, Ben Finney wrote:
> This is only temporary, as we transition to uncrackable brain–computer
> interfaces for every device.

I'm not looking forward to the denial-of-service attacks that could introduce :)

> Until that future arrives for every device, I'd like people who use
> those remaining services still requiring passphrases, to have tools for
> generating good passphrases.

I would encourage this approach:

For remote services that don't yet support sane authentication
mechanisms (anything other than a passphrase), complain to their
operators, use very long non-memorable randomly generated passphrases
(since those have more entropy), automatically rotate them regularly
(I joke, rotation of keys/passphrases is still ridiculously
impractical) and encrypt them using a local key.

For local authentication and local keys, use pass-phrases that are
generated using the diceware method (aka not on a computer) and strong
enough that they will last until replacement.

In both cases, something like xkcdpass isn't needed.