Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

To: debian-devel@lists.debian.org
Subject: Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936
From: Paul Wise <pabs@debian.org>
Date: Mon, 10 Nov 2014 10:44:41 +0800
Message-id: <[🔎] CAKTje6F_dm63zFpkbFRNO_tMdvrRSnYSdW4piz491tbz+MyeJg@mail.gmail.com>
In-reply-to: <[🔎] 85tx27bxvx.fsf@benfinney.id.au>
References: <[🔎] 20141109081933.24446.59817.reportbug@lavender> <[🔎] 545F6B5A.5040302@debian.org> <[🔎] 8561eoc5jz.fsf@benfinney.id.au> <[🔎] CAKTje6Hsb+LxGw3d112c1vahc2yAu32UVSU-DOuyAOLf6ckeug@mail.gmail.com> <[🔎] 85tx27bxvx.fsf@benfinney.id.au>

On Mon, Nov 10, 2014 at 10:19 AM, Ben Finney wrote:

> This is only temporary, as we transition to uncrackable brain–computer
> interfaces for every device.

I'm not looking forward to the denial-of-service attacks that could introduce :)

> Until that future arrives for every device, I'd like people who use
> those remaining services still requiring passphrases, to have tools for
> generating good passphrases.

I would encourage this approach:

For remote services that don't yet support sane authentication
mechanisms (anything other than a passphrase), complain to their
operators, use very long non-memorable randomly generated passphrases
(since those have more entropy), automatically rotate them regularly
(I joke, rotation of keys/passphrases is still ridiculously
impractical) and encrypt them using a local key.

For local authentication and local keys, use pass-phrases that are
generated using the diceware method (aka not on a computer) and strong
enough that they will last until replacement.

In both cases, something like xkcdpass isn't needed.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936
  - From: Ben Finney <ben+debian@benfinney.id.au>

References:
- Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936
  - From: Ben Finney <ben+debian@benfinney.id.au>
- Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936
  - From: Simon McVittie <smcv@debian.org>
- Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936
  - From: Ben Finney <ben+debian@benfinney.id.au>
- Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936
  - From: Paul Wise <pabs@debian.org>
- Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936
  - From: Ben Finney <ben+debian@benfinney.id.au>

Prev by Date: Re: inconsistent versions of M-A: same packages
Next by Date: Re: What is the policy on audio group? and, proposal of a new group for the jack audio server
Previous by thread: Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936
Next by thread: Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936
Index(es):
- Date
- Thread