Gentoo Archives: gentoo-user

From: Mark David Dumlao <madumlao@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Re: Coming up with a password that is very strong.
Date: Tue, 05 Feb 2019 20:29:35
Message-Id: CAG2nJkNMf5zV1ZS-w+e3r9DtQoiK0GLM9M3noHPbmuJ1C1xCLg@mail.gmail.com
In Reply to: Re: [gentoo-user] Re: Coming up with a password that is very strong. by Jack
On Tue, Feb 5, 2019 at 3:39 AM Jack <ostroffjh@×××××××××××××××××.net> wrote:
> The problem I have with many of these suggestions is that I have
> multiple devices (two desktops, two laptops, tablet, android phone) I
> use sufficiently often that I either need to be able to remember the
> passwords or have some way of easily accessing them when I'm not
> sitting at my main desktop. Other than using a password manager (which
> I do not currently have) how do others deal with this?
>
> Jack

Haven't posted here in a long while. I personally do not trust password managers
for (1) the same reason you gave above and (2) typically the way around it is
they store your passwords in the cloud which is all sorts of facepalm from a
security perspective.

My own solution is actually very simple. I have a "secret algorithm" that
incorporates several secrets with a predictable way to generate a site-specific
secret. The end result is a 100% predictable way to generate unique passwords
for every site that are cryptographically secure from each other (you cannot
derive one from the other) which can be generated by any device using the
appropriate tools. There is also a protocol for password shifting in case any
single password is revealed.

The long and short of it is that you can combine secure passwords with hashing
techniques, site-specific data, and truncation / peppering in a predetermined
way that is easy for you to remember but guarantees that the original secret
data is irrecoverable. Then all you need is the hashing program on, say, your
phone, and you will always be able to generate the site-specific password when
needed. In effect the algorithm is your secret, the site-specific password is
just a side effect of that secret.
--
This email is: [ ] actionable [x] fyi [x] social
Response needed: [ ] yes [x] up to you [ ] no
Time-sensitive: [ ] immediate [ ] soon [x] none
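
The kind of scheme described in the message above (hashing, site-specific data, a pepper, truncation, and a counter for password shifting) can be sketched as follows. This is an added example, not the poster's undisclosed algorithm: PBKDF2-HMAC-SHA256, the field layout, the `sitepw-v1` label and every name are assumptions, and its strength rests on the master secret and pepper, not on keeping the method secret.

```python
import base64
import hashlib

ITERATIONS = 200_000  # assumption: PBKDF2 work factor, tune to the slowest device


def length_prefixed(value: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") never collide."""
    raw = value.encode("utf-8")
    return len(raw).to_bytes(2, "big") + raw


def site_password(master: str, pepper: str, site: str,
                  counter: int = 1, length: int = 20) -> str:
    """Derive a deterministic, site-specific password.

    master  - memorized high-entropy secret (never stored)
    pepper  - second secret kept apart from the master, e.g. on paper
    site    - site-specific data, here the normalized domain name
    counter - bump by one to "shift" the password after a leak
    """
    if not master or not pepper:
        raise ValueError("master and pepper must be non-empty")
    if counter < 1 or not 8 <= length <= 43:
        raise ValueError("counter must be >= 1 and length within 8..43")
    site = site.strip().lower().rstrip(".")
    salt = (b"sitepw-v1" + length_prefixed(pepper) + length_prefixed(site)
            + length_prefixed(str(counter)))
    # Slow one-way stretch: a leaked site password only allows an offline
    # guessing attack on the master, and each guess costs ITERATIONS hashes.
    digest = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                                 ITERATIONS, dklen=32)
    # URL-safe base64 gives 6 bits per character; truncating to `length`
    # characters keeps 6 * length bits (120 bits at the default of 20).
    return base64.urlsafe_b64encode(digest).decode("ascii")[:length]


if __name__ == "__main__":
    # Constructed sample secrets, for demonstration only.
    m, p = "correct horse battery staple", "paper-pepper-7431"
    for name, n in (("example.org", 1), ("example.net", 1), ("example.org", 2)):
        print(f"{name:12} #{n}: {site_password(m, p, name, n)}")
```

Only the site name and counter need to be remembered or noted per site; a weak master secret remains guessable offline from any single leaked site password, so the work factor does not replace a high-entropy master.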
