
Re: dropbox security situation



On Thu, 12 Dec 2019 23:29:28 +0000
Brian <ad44@cityscape.co.uk> wrote:

> On Thu 12 Dec 2019 at 21:13:06 +0100, l0f4r0@tuta.io wrote:
> 
> > Hi,
> > 
> > 10 Dec. 2019 at 23:11 from ad44@cityscape.co.uk:
> > 
> > > On Tue 10 Dec 2019 at 22:34:07 +0100, l0f4r0@tuta.io wrote:
> > >
> > >> 9 Dec. 2019 at 19:13 from ad44@cityscape.co.uk:
> > >>
> > >> > How about not having to remember (or write down) any passwords for
> > >> > the places you log in to?
> > >> >
> > >> > https://masterpassword.app/
> > >> >
> > >> > Not in Debian, unfortunately.
> > >> >
> > >> Interesting.
> > >> However, I presume that a specific password modification should not be very
> > >> easy because it seems you rely on a rather fixed encryption seed...
> > >>
> > >
> > > Modifying a password with the masterpassword app is simplicity
> > > itself. There is no fixed encryption seed.
> > >
> > I've read the documentation. User needs to remember all of
> > this:

...

> > site-counter
> 
> I'll give you this. But it would be very unusual to want it. The
> default is generally good enough.

"Very unusual"? Actually, IIUC, you're almost always going to maintain
a whole table of these. As per the documentation:

"The site counter ensures you can easily create new keys for the site
should a key become compromised."

IOW, whenever you need to change the password for a given site, e.g.,
because it has suffered a breach, or because of an expiration policy,
you have to either change your master password (and then update every
single password managed by the system), or else increment the site
counter for that site. You then have to keep track of all non-default
site counters.

Of course, these values are not that sensitive, so you can still argue
that this system is safer than storing actual passwords - but it's
still not the stateless utopia promised by the developer.

...

> Your device is stolen or destroyed? You can recover your passwords if
> you can remember your own name and the master password. How about that?

And your site counters - although I suppose trial and error would work
if you haven't changed a password too many times.

Celejar
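The state problem discussed in this thread, as an added example that is not part of the original post and not the Master Password project's code: a simplified stand-in for a stateless derivation scheme, showing that rotating a site password only changes the site counter, and that the table of non-default counters is the state the user must keep (or rediscover by trial and error). The scope string, scrypt parameters, alphabet and sample names are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

# Simplified stand-in for a stateless password scheme: nothing is stored,
# every site password is recomputed from (full name, master password,
# site name, site counter). Scope string, scrypt parameters and alphabet
# are constructed for this example, not the real app's values.
SCOPE = b"example.scope"
ALPHABET = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def master_key(full_name: str, master_password: str) -> bytes:
    """Slow step: derive a 64-byte key from the two things the user remembers."""
    salt = SCOPE + struct.pack(">I", len(full_name)) + full_name.encode()
    return hashlib.scrypt(master_password.encode(), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=64)


def site_password(mkey: bytes, site: str, counter: int = 1, length: int = 16) -> str:
    """Fast step: the counter is part of the HMAC input, so incrementing it
    yields an unrelated password without changing the master password."""
    msg = SCOPE + struct.pack(">I", len(site)) + site.encode() + struct.pack(">I", counter)
    seed = hmac.new(mkey, msg, hashlib.sha256).digest()
    # Modulo mapping is slightly biased; acceptable for an illustration.
    return "".join(ALPHABET[b % len(ALPHABET)] for b in seed[:length])


def rotate(counters: dict, site: str) -> int:
    """Rotate a site's password after a breach: the only thing that changes is
    the counter, and that counter is state the user now has to keep."""
    counters[site] = counters.get(site, 1) + 1
    return counters[site]


def recover_counter(mkey: bytes, site: str, accepted, max_tries: int = 10):
    """Device lost, counter table gone: try counters in order until the site
    accepts the password. Returns None if the counter is beyond max_tries."""
    for counter in range(1, max_tries + 1):
        if accepted(site_password(mkey, site, counter)):
            return counter
    return None


if __name__ == "__main__":
    key = master_key("Alice Example", "constructed master password")  # constructed
    counters = {}                       # non-default counters the user must remember
    rotate(counters, "example.com")     # example.com was breached: counter is now 2
    print(counters, site_password(key, "example.com", counters["example.com"]))
```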

