
Re: dropbox security situation



On Mon 09 Dec 2019 at 14:10:56 -0500, Celejar wrote:

> On Mon, 09 Dec 2019 16:31:35 +0100
> Jonas Smedegaard <jonas@jones.dk> wrote:
> 
> > Quoting Charles Curley (2019-12-09 15:56:26)
> > > On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
> > > <l0f4r0@tuta.io> wrote:
> > > 
> > > > Usual advice : use strong passwords (i.e. long enough with high
> > > > entropy => generated&stored in a dedicated password manager) AND 1
> > > > different per service, never the same.
> > > 
> > > There is a handy password generator available on Debian, called APG
> > > (Automated Password Generator), which will generate passwords for you.
> > > The default settings yield a fairly strong password, but you can modify
> > > those to make the results even stronger.
> > 
> > I dislike APG because it generates passwords difficult to remember - 
> > without aiding in how to deal with that, which has a high risk of 
> > passwords getting stored on physical notes in the top drawer...
> 
> I use 'pwgen', whose manpage begins thus:
> 
> *****
> The pwgen program generates passwords which are designed to be easily
> memorized by humans, while being as secure as possible. Human-memorable
> passwords are never going to be as secure as completely random
> passwords. In particular, passwords generated by pwgen without the -s
> option should not be used in places where the password could be
> attacked via an off-line brute-force attack. On the other hand,
> completely randomly generated passwords have a tendency to be written
> down, and are subject to being compromised in that fashion.
> *****
> 
> Although I almost always use it with its --secure option, since I
> don't try to memorize passwords, but instead record them (in a plain
> text file) - who can remember hundreds of passwords?

Indeed. Memorising is part of the password problem. I've indicated a
possible solution that does not rely on the fallibility of memory in 
another mail.

Your plain text storage method would benefit immensely from using the
scrypt package.

-- 
Brian.
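The suggestion above is to keep the plain text password file encrypted at rest with the scrypt package. The script below is an added example (not code from this thread or from the scrypt project) showing what that looks like with the `scrypt` command-line tool: it encrypts a constructed sample file, decrypts it again, confirms the bytes match, and confirms that a wrong passphrase is rejected rather than producing garbage. It assumes the `scrypt enc` / `scrypt dec` subcommands with `-P` (read the passphrase from stdin) and `-t` (cap the key-derivation time in seconds); the sample passwords and the demo passphrase are constructed for the example only.

```shell
#!/bin/sh
# Added example, not from the thread: protect a plaintext password file at rest
# with the `scrypt` command-line tool (Debian package "scrypt") and verify that
# it round-trips. Assumed flags: -P reads the passphrase from stdin, -t bounds
# the key-derivation time in seconds.
set -eu

# Sample password file, constructed here for the demonstration only.
SAMPLE_CONTENT='example.org    correct-horse-battery-staple
mail.example   XrbWUXw9dsTZc8vD'

# Demo passphrase; a real one comes from an interactive prompt, never a script.
DEMO_PASSPHRASE='demo-passphrase-not-for-real-use'

# Encrypts, decrypts and compares. Prints "ok" on a clean round trip,
# "skipped" when scrypt is not installed, and returns non-zero otherwise.
scrypt_roundtrip() {
    if ! command -v scrypt >/dev/null 2>&1; then
        echo skipped
        return 0
    fi
    umask 077                           # temp files readable by the owner only
    workdir=$(mktemp -d)
    trap 'rm -rf "$workdir"' EXIT       # wipe the plaintext copy on any exit
    plain="$workdir/passwords.txt"
    enc="$workdir/passwords.txt.scrypt"
    dec="$workdir/passwords.dec"
    printf '%s\n' "$SAMPLE_CONTENT" > "$plain"

    # Encrypt: scrypt derives the key from the passphrase (about 1 s of work
    # with -t 1) and writes an authenticated ciphertext.
    printf '%s\n' "$DEMO_PASSPHRASE" | scrypt enc -P -t 1 "$plain" "$enc"

    # Decrypt with the right passphrase; the result must match byte for byte.
    printf '%s\n' "$DEMO_PASSPHRASE" | scrypt dec -P "$enc" "$dec"
    rc=0
    cmp -s "$plain" "$dec" || rc=1

    # A wrong passphrase must fail outright (the ciphertext is authenticated).
    if printf '%s\n' 'wrong-passphrase' | scrypt dec -P "$enc" "$workdir/bad" 2>/dev/null; then
        rc=1
    fi

    rm -rf "$workdir"
    trap - EXIT
    if [ "$rc" -eq 0 ]; then
        echo ok
    fi
    return "$rc"
}

scrypt_roundtrip
```

The `umask 077` and the `EXIT` trap matter as much as the cipher: the decrypted copy is the weak point, so it is created unreadable to others and removed even if the script is interrupted. In day-to-day use one would decrypt to a pipe or a tmpfs rather than to disk, and type the passphrase at scrypt's own prompt instead of passing it through `-P`.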

