[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

On Mon, Nov 10, 2014 at 10:19 AM, Ben Finney wrote:

> This is only temporary, as we transition to uncrackable brain–computer
> interfaces for every device.

I'm not looking forward to the denial-of-service attacks that could introduce :)

> Until that future arrives for every device, I'd like people who use
> those remaining services still requiring passphrases, to have tools for
> generating good passphrases.

I would encourage this approach:

For remote services that don't yet support sane authentication
mechanisms (anything other than a passphrase), complain to their
operators, use very long non-memorable randomly generated passphrases
(since those have more entropy), automatically rotate them regularly
(I joke, rotation of keys/passphrases is still ridiculously
impractical) and encrypt them using a local key.

For local authentication and local keys, use pass-phrases that are
generated using the diceware method (aka not on a computer) and strong
enough that they will last until replacement.

In both cases, something like xkcdpass isn't needed.



Reply to: