On Friday 16 January 2015 14:38:09, Joel Rees wrote : > > I can remember "TwasBrilligAndTheSlithyToves" and associate it with an > > account. > > > > Before signing up I do > > > > echo TwasBrilligAndTheSlithyToves | sha1sum | base64 | cut -c -30 > > > > The output is what I give to a site as a password. > > Now you're talking sense. Maybe I don't need to answer your questions > about IP spoofing and using strategy instead of pure brute force after > all. > > Although, when you don't have access to a command line that gives you > sha1sum, you're back to having to work hard to remember what you gave > that site for a password. > > Frankly, rot13 or rot42 would get pretty close. But I would prefer a > tool of my own making that I can use to exclusive-or the site name > with my chosen pass-phrase before I pass it to the predictable > shuffle.
That looks like https://www.passwordmaker.org/passwordmaker.html which is available as a firefox/iceweasel plugin and a chrome plugin (if I'm not mistaken). That tool takes one master password (you only have to remember that one) and use it to derive a site specific password based on that password, the url and possibly the user name used on the site. The generated password can be computed at any time and on any computer with those informations and various other options (such as the hash algorithm, the characters included in the password, the password length and so on). Due to the hash algorithm, it is impossible to find the master password from one or even many generated passwords. Nor is it possible to compute the password for another site from passwords harvested on compromised sites. If one site is compromised and the owner ask you to change your existing password, simply change one option in PasswordMaker to generate a new password. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201501161551.08129.frederic.marc...@wowtechnology.com