
BLU Discuss list archive



[Discuss] single sign-on



On 07/27/2013 03:24 AM, Tom Metro wrote:
> That's a consideration, but for now you can also apply the philosophy 
> that you don't need to be able to outrun the bear, you only need to be 
> faster than the other guy also trying to outrun the bear. The default 
> behavior around password hygiene is so poor that anyone using LastPass 
> ends up being a hardened target compared to the vast masses. 

That is why my hypothetical bad guy was hoping Lastpass becomes very 
common, then it will become fertile ground for theft.

Passwords have a life span, where one puts them has inertia, decisions 
made today can stick for years.  For example, I was using my Palm Pilot 
for passwords for well over a decade.  Decisions now need to be safe 
beyond this year.

> So I'm wondering whether your "air-gap" (manually transcribing passwords
> from another device) has necessitated generating passwords that are less
> error prone to human reproduction?

Oh, yes.  I am a big fan of sensible passwords--and counting entropy in 
how the password was created.

For example, "8e53-arrow-spell-genetic" is pretty easy to type and 
remember, yet it has 48 bits of entropy in it.  Not enough entropy for 
an encryption key, but plenty for a password.  Entropy doesn't have to 
be hard to type and impossible to remember.

-kb
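The point above about counting entropy from how a password was created, as an added Python example that is not part of the thread: it generates a password in the hex-plus-words layout quoted in the post and scores it from the generation process, next to the inflated figure a string-only strength meter would report. The wordlist is a constructed stand-in; a real list of a few thousand words is assumed in practice.

```python
import math
import secrets

# Constructed sample wordlist; a real list (e.g. a diceware list) has thousands of entries.
SAMPLE_WORDS = ["arrow", "spell", "genetic", "harbor", "lantern", "quartz", "velvet", "meadow"]
HEX_DIGITS = "0123456789abcdef"


def process_entropy_bits(hex_chars: int, word_count: int, wordlist_size: int) -> float:
    """Entropy of a password built as <hex_chars hex digits>-<word_count words>,
    counted from the generation process: every hex digit is a uniform choice
    among 16, every word a uniform choice among wordlist_size, all independent."""
    return hex_chars * math.log2(16) + word_count * math.log2(wordlist_size)


def generate(hex_chars: int = 4, word_count: int = 3, words=SAMPLE_WORDS) -> str:
    """Draw a password with a CSPRNG in the same layout as '8e53-arrow-spell-genetic'."""
    hex_part = "".join(secrets.choice(HEX_DIGITS) for _ in range(hex_chars))
    word_part = [secrets.choice(words) for _ in range(word_count)]
    return "-".join([hex_part] + word_part)


def naive_charset_estimate_bits(password: str) -> float:
    """What a meter that only inspects the final string would claim:
    length * log2(size of the character classes present). It is far too high
    here because it cannot know the words were picked from a short list."""
    classes = 0
    if any(c.islower() for c in password):
        classes += 26
    if any(c.isupper() for c in password):
        classes += 26
    if any(c.isdigit() for c in password):
        classes += 10
    if any(not c.isalnum() for c in password):
        classes += 33  # printable ASCII punctuation
    return len(password) * math.log2(classes)


def words_needed_for(target_bits: float, hex_chars: int = 4, word_count: int = 3) -> int:
    """Smallest wordlist size at which this layout reaches target_bits of process entropy."""
    remaining = target_bits - hex_chars * math.log2(16)
    return math.ceil(2 ** (remaining / word_count))


if __name__ == "__main__":
    pw = generate()
    print(pw, "process:", process_entropy_bits(4, 3, len(SAMPLE_WORDS)),
          "naive:", naive_charset_estimate_bits(pw))
    print("words needed for 48 bits:", words_needed_for(48))
```

Scoring from the process is the honest number; the naive meter reports more than twice the post's 48 bits for the very same string.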




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
