On Mon, Nov 10, 2014 at 10:19 AM, Ben Finney wrote:

> This is only temporary, as we transition to uncrackable brain–computer
> interfaces for every device.

I'm not looking forward to the denial-of-service attacks that could introduce :)

> Until that future arrives for every device, I'd like people who use
> those remaining services still requiring passphrases, to have tools for
> generating good passphrases.

I would encourage this approach:

For remote services that don't yet support sane authentication mechanisms (anything other than a passphrase), complain to their operators, use very long non-memorable randomly generated passphrases (since those have more entropy), automatically rotate them regularly (I joke, rotation of keys/passphrases is still ridiculously impractical) and encrypt them using a local key.

For local authentication and local keys, use pass-phrases that are generated using the diceware method (aka not on a computer) and strong enough that they will last until replacement.

In both cases, something like xkcdpass isn't needed.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
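Added example, not part of the original message: a Python sketch of the entropy comparison behind the two recommendations above, generating a long random passphrase for a remote service and computing how many dice-rolled Diceware words a local passphrase needs for a given strength. The 94-character alphabet, the 32-character length and the function names are assumptions chosen for illustration; the Diceware words themselves are still meant to be picked with physical dice, so the code only does the arithmetic for them.

```python
import math
import secrets
import string

# Assumption: printable ASCII without the space character (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# A standard Diceware list has one word per five six-sided dice rolls.
DICEWARE_LIST_SIZE = 6 ** 5  # 7776


def random_passphrase(length: int = 32, alphabet: str = ALPHABET) -> str:
    """Non-memorable passphrase drawn uniformly from the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be positive")
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet must not contain duplicates")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(symbols: int, count: int) -> float:
    """Entropy of `count` independent uniform picks from `symbols` options."""
    return count * math.log2(symbols)


def diceware_words_for(target_bits: float) -> int:
    """Smallest number of dice-selected words reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(DICEWARE_LIST_SIZE))


def chars_for(target_bits: float, alphabet: str = ALPHABET) -> int:
    """Smallest random-character length reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(len(alphabet)))


if __name__ == "__main__":
    remote = random_passphrase()
    remote_bits = entropy_bits(len(ALPHABET), len(remote))
    print(f"remote passphrase: {len(remote)} chars, {remote_bits:.1f} bits")
    print(f"6 diceware words:  {entropy_bits(DICEWARE_LIST_SIZE, 6):.1f} bits")
    print(f"128-bit target:    {chars_for(128)} random chars "
          f"or {diceware_words_for(128)} diceware words")
    print(f"matching the remote passphrase takes "
          f"{diceware_words_for(remote_bits)} diceware words")
```
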