On Wed, 11 Jan 2012 11:04:01 -0500 Tanstaafl <tansta...@libertytrek.org> wrote:
> On 2012-01-11 9:16 AM, Alan McKinnon <alan.mckin...@gmail.com> wrote: > > On Wed, 11 Jan 2012 07:26:07 -0500 > > Tanstaafl<tansta...@libertytrek.org> wrote: > >> I couldn't live without Passwordmaker (Firefox Addon), with it, I > >> can have as strong and random passwords as I want on every site, > >> it auto fills the username/password for me (if it is a web login > >> page), but doesn't store any password anywhere... > > > Of course it stores the password somewhere. How else could it log > > you in next time? It isn't magic, it retrieves the password from > > somewhere. > > Nope, it generates it on the fly every time. It uses the current URL > (or if you create a custom account for that URL, whatever you tell it > to use), the username (if supplied), and a few other URL unique > attributes to compute it, and if you create a custom account, it > offers many other options... > > I highly recommend it... it does have a small learning curve, but the > website will teach you most of what you need to know (I even authored > a lot of the wiki)... > > http://passwordmaker.org/ > I haven't read the site yet, but just on the basis of your description, all I'm seeing is a teeny-weeny amount of entropy leading to passwords that are very easy for computers to compute. The algorithm is probably known and there can't be that many unique attributes to a URL, leading to a very small pool of random data. In fact, I see this as a distinct possibility: http://xkcd.com/936/ Feel free to correct me if I'm wrong. -- Alan McKinnnon alan.mckin...@gmail.com
