Re: passwords + bad memory - Was (Re: how to test disk for bad sector)

[Brian]

On Wed 02 Sep 2020 at 18:31:43 -0500, John Hasler wrote:

> While storage in a file fine for trivial passwords such as those for
> social sites storing important ones on the computer is a bad idea,
> encrypted or not.  So is copying and pasting them.

Storing passords on paper in the clear ok, but encrypted in a file
is not? I do not have any trivial passwords; all are important. Copy
and paste may be dispensed with.

-- 
Brian.

Re: passwords + bad memory - Was (Re: how to test disk for bad sector)

[John Hasler]

While storage in a file fine for trivial passwords such as those for
social sites storing important ones on the computer is a bad idea,
encrypted or not.  So is copying and pasting them.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: passwords + bad memory - Was (Re: how to test disk for bad sector)

[tomas]

On Wed, Sep 02, 2020 at 08:38:41PM +0100, Brian wrote:
> On Wed 02 Sep 2020 at 11:34:27 -0500, John Hasler wrote:
> 
> > tomas writes:
> > > When a passphrase is long (16) I keep a little scrap until it is
> > > memorized.
> > 
> > I just follow Bruce Schneier's advice and write all of my (random)
> > passwords down.  I end up memorizing the ones I use most, though.
> 
> This memorisation of a vast number of passwords is the killer, of
> course, so writing all passwords down is a good idea. Why not record
> them in passwd.text? Then
> 
>   scrypt enc passwords.txt passwords.enc
> 
> For access:
> 
>   scrypt dec passwords.enc
> 
> and copy and paste.
> 
> A password is required for decrypting passwords.enc. *M05o05m19m19a?
> would do nicely. Just a single password to remember. It couldn't get
> simpler.

Basically this is what I said I do: The passwords I use regularly
are in L1 cache (my head), the others in an encrypted text file
(additionally protected by the LUKS encryption around it).

Cheers
-- t


signature.asc
Description: Digital signature

Re: passwords + bad memory - Was (Re: how to test disk for bad sector)

[Brian]

On Wed 02 Sep 2020 at 11:34:27 -0500, John Hasler wrote:

> tomas writes:
> > When a passphrase is long (16) I keep a little scrap until it is
> > memorized.
> 
> I just follow Bruce Schneier's advice and write all of my (random)
> passwords down.  I end up memorizing the ones I use most, though.

This memorisation of a vast number of passwords is the killer, of
course, so writing all passwords down is a good idea. Why not record
them in passwd.text? Then

  scrypt enc passwords.txt passwords.enc

For access:

  scrypt dec passwords.enc

and copy and paste.

A password is required for decrypting passwords.enc. *M05o05m19m19a?
would do nicely. Just a single password to remember. It couldn't get
simpler.

-- 
Brian.

Re: passwords + bad memory - Was (Re: how to test disk for bad sector)

[John Hasler]

tomas writes:
> When a passphrase is long (16) I keep a little scrap until it is
> memorized.

I just follow Bruce Schneier's advice and write all of my (random)
passwords down.  I end up memorizing the ones I use most, though.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: passwords + bad memory - Was (Re: how to test disk for bad sector)

[tomas]

On Wed, Sep 02, 2020 at 09:20:18AM -0400, rhkra...@gmail.com wrote:
> On Wednesday, September 02, 2020 03:34:30 AM to...@tuxteam.de wrote:
> > The thing is... I didn't know I can easily memorize that until I
> > tried! It's like getting up early without an alarm clock. If you
> > trust yourself, it kind of magically works.
>  
> Until you (and/or your brain reach a certain age, when you start forgetting 
> things you once had memorized.  Make sure you have "hard copy" backups 
> somewhere (could be on paper, electronic, or ).

I'm millionaire (in years, and in binary, FWIW :)

When a passphrase is long (16) I keep a little scrap until it is memorized.
Then it's in. Things happen, but then, I can be run over by a bus, too.

Cheers
 - t


signature.asc
Description: Digital signature

Re: passwords + bad memory - Was (Re: how to test disk for bad sector)

[rhkramer]

On Wednesday, September 02, 2020 05:16:12 AM Andrei POPESCU wrote:
> On Ma, 01 sep 20, 19:39:53, rhkra...@gmail.com wrote:
> > That can be a good approach, but a modern approach seems to be tending
> > towards multiple whole words, e.g. "book swimming Wednesday conduct"
> > (all together as a password.

> > I've read articles about the approach, but don't remember enough to
> > explain it very well.
> 
> https://xkcd.com/936/

Ahh, yes, thank you -- one of the most memorable (even though I forgot it) and 
easy to understand!!

Re: passwords + bad memory - Was (Re: how to test disk for bad sector)

[rhkramer]

On Wednesday, September 02, 2020 03:34:30 AM to...@tuxteam.de wrote:
> The thing is... I didn't know I can easily memorize that until I
> tried! It's like getting up early without an alarm clock. If you
> trust yourself, it kind of magically works.
 
Until you (and/or your brain reach a certain age, when you start forgetting 
things you once had memorized.  Make sure you have "hard copy" backups 
somewhere (could be on paper, electronic, or ).

> I love tech, I'm a geek. But if the only raison d'être of tech is
> to avoid discovering one's own capabilities, I'd rather pass.
> 
> YMMV, but generally speaking, the quintessence is that yo're capable
> of things you never knew of.

!!

Re: passwords + bad memory - Was (Re: how to test disk for bad sector)

[Andrei POPESCU]

On Ma, 01 sep 20, 19:39:53, rhkra...@gmail.com wrote:
> 
> That can be a good approach, but a modern approach seems to be tending 
> towards 
> multiple whole words, e.g. "book swimming Wednesday conduct" (all together as 
> a password.
> 
> A password like this can be easier for a person to remember (especially if 
> you 
> create a mnemonic to go with it) and be harder for a computer to guess.
> 
> I've read articles about the approach, but don't remember enough to explain 
> it 
> very well.

https://xkcd.com/936/

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: passwords + bad memory - Was (Re: how to test disk for bad sector)

[tomas]

On Wed, Sep 02, 2020 at 11:30:44AM +1200, Ben Caradoc-Davies wrote:
> On 02/09/2020 06:42, Mike McClain wrote:
> >On Mon, Aug 31, 2020 at 09:41:06PM +, Long Wind wrote:
> >
> >>my memory is poor, i can't remember many accounts and passwords
> > The more experience you have the harder it is to find the
> >memory you're searching for. That's my story and I'm sticking to it.
> Yes, you can't pour a gallon of knowledge into a shot glass without
> spilling a few drops (for those of us old enough to remember Married
> with Children).

And still -- you all know this model is flawed.

After dabbling with mnemonics and things for *years*, I got fed up
with all of that and tried... semi-random passwords. Like those made
up by pwgen.

My hard disk encryption password is 16 characters long, likewise
my backup's encryption (they're different, thanks for asking :)

They look like this:

  tomas@trotzki:~$ pwgen -N 1 -n 16
  ORoonaif5uqueo6o

Less sensitive things, like my login are eight chars.

Of course, that's only good for passwords I use often (the L1 cache,
roughly five entries). For the others, I have an encrypted plain
text file. This last passphrase has to be in cache, like that of
the LUKS disk encryption (ORed with the backup, phew ;-)

The thing is... I didn't know I can easily memorize that until I
tried! It's like getting up early without an alarm clock. If you
trust yourself, it kind of magically works.

I love tech, I'm a geek. But if the only raison d'être of tech is
to avoid discovering one's own capabilities, I'd rather pass.

YMMV, but generally speaking, the quintessence is that yo're capable
of things you never knew of.

Cheers
 - tomás



signature.asc
Description: Digital signature

Re: passwords + bad memory - Was (Re: how to test disk for bad sector)

[Tom Dial]

On 9/1/20 17:39, rhkra...@gmail.com wrote:
> On Tuesday, September 01, 2020 02:42:50 PM Mike McClain wrote:
>> On Mon, Aug 31, 2020 at 09:41:06PM +, Long Wind wrote:
>> 
>>
>>> my memory is poor, i can't remember many accounts and passwords
>>
>> The more experience you have the harder it is to find the
>> memory you're searching for. That's my story and I'm sticking to it.
> 
> +1 ;-)
> 
>> Mnemonics can make passwords relatively easy to remember and can
>> be very secure if chosen carefully.
>> Mom's birthday is 5 May 1919, a secure password is *M05o05m19m19a?
>> I have an AT&T account and an address I haven't lived at in 50 years is
>> 5535 El Campo, Ft. Worth, Texas 75107, so :A5535t75107t;.
>> That should give you the idea, a mix of upper and lower case,
>> numerals and punctuation selected from things no longer current can make
>> good passwords easy to remember.
> 
> That can be a good approach, but a modern approach seems to be tending 
> towards 
> multiple whole words, e.g. "book swimming Wednesday conduct" (all together as 
> a password.
> 
> A password like this can be easier for a person to remember (especially if 
> you 
> create a mnemonic to go with it) and be harder for a computer to guess.

Four randomly chosen words from the Oxford English Dictionary would be
comparable to a 14 character random (or cryptographically secure
pseudorandom) string chosen from upper and lower case letters and digits.

Much is made of the fact that most people can remember a string of words
more effectively than a meaningless string of letters and numbers.
However, that is not at all self-evident if the common recommendation of
unique and unrelated authentication secrets per account is incorporated.
I have, overall, more than a hundred distinct accounts on systems and
with vendors, nearly all of them unique; I find a password manager
(KeepassX) a much easier way to generate and manage the authentication
secrets, and use a pass phrase word combination only to secure the
password database.

Regards,
Tom Dial

> 
> I've read articles about the approach, but don't remember enough to explain 
> it 
> very well.
> 
> 
> 
>> GRC.com has a password checker

Re: passwords + bad memory - Was (Re: how to test disk for bad sector)

[rhkramer]

On Tuesday, September 01, 2020 02:42:50 PM Mike McClain wrote:
> On Mon, Aug 31, 2020 at 09:41:06PM +, Long Wind wrote:
> 
> 
> > my memory is poor, i can't remember many accounts and passwords
> 
> The more experience you have the harder it is to find the
> memory you're searching for. That's my story and I'm sticking to it.

+1 ;-)

> Mnemonics can make passwords relatively easy to remember and can
> be very secure if chosen carefully.
> Mom's birthday is 5 May 1919, a secure password is *M05o05m19m19a?
> I have an AT&T account and an address I haven't lived at in 50 years is
> 5535 El Campo, Ft. Worth, Texas 75107, so :A5535t75107t;.
> That should give you the idea, a mix of upper and lower case,
> numerals and punctuation selected from things no longer current can make
> good passwords easy to remember.

That can be a good approach, but a modern approach seems to be tending towards 
multiple whole words, e.g. "book swimming Wednesday conduct" (all together as 
a password.

A password like this can be easier for a person to remember (especially if you 
create a mnemonic to go with it) and be harder for a computer to guess.

I've read articles about the approach, but don't remember enough to explain it 
very well.



> GRC.com has a password checker

Re: passwords + bad memory - Was (Re: how to test disk for bad sector)

[Ben Caradoc-Davies]

On 02/09/2020 06:42, Mike McClain wrote:

On Mon, Aug 31, 2020 at 09:41:06PM +, Long Wind wrote:


my memory is poor, i can't remember many accounts and passwords

 The more experience you have the harder it is to find the
memory you're searching for. That's my story and I'm sticking to it.
Yes, you can't pour a gallon of knowledge into a shot glass without 
spilling a few drops (for those of us old enough to remember Married 
with Children).


I use and recommend KeePassXC under Debian and KeePassDroid under 
Android to manage passwords without online services. They use the same 
.kdbx file format.


Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

passwords + bad memory - Was (Re: how to test disk for bad sector)

[Mike McClain]

On Mon, Aug 31, 2020 at 09:41:06PM +, Long Wind wrote:

> my memory is poor, i can't remember many accounts and passwords

The more experience you have the harder it is to find the
memory you're searching for. That's my story and I'm sticking to it.

Mnemonics can make passwords relatively easy to remember and can
be very secure if chosen carefully.
Mom's birthday is 5 May 1919, a secure password is *M05o05m19m19a?
I have an AT&T account and an address I haven't lived at in 50 years is
5535 El Campo, Ft. Worth, Texas 75107, so :A5535t75107t;.
That should give you the idea, a mix of upper and lower case,
numerals and punctuation selected from things no longer current can make
good passwords easy to remember.
GRC.com has a password checker
HTH,
Mike
--
It seems to me a little shallow that the Creator of the universes
would care whether He was called Yahweh, Allah, Jehovah, The Great
Spirit, Vishnu or any of many other names rather than caring about
how we carry out His commands.  - MM

Re: Bad memory?

[Hall Stevenson]

> I was trying to compile gaim last night, but gcc keeps
> dying of signal 11, here's the output:
>

>
> I've heard that signal 11 is only caused by bad ram, so
> I installed memtest86 on my computer, and after about
> an hour, my RAM passed all the tests.  Could it still be
> bad (It's worked fine for years), or is something else the
> problem?

SIG11's are also caused by a variety of hardware problems. See
this page, http://www.bitwizard.nl/sig11/, for more info.


Hall

Bad memory?

[Cameron Matheson]

Hey,

I was trying to compile gaim last night, but gcc keeps dying of signal 11,
here's the output:

gcc: Internal compiler error: program cc1 got fatal signal 11
make[2]: *** [autorecon.so] Error 1
make[2]: Leaving directory `/tmp/gaim-0.46/plugins'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/tmp/gaim-0.46'
make: *** [all] Error 2

I've heard that signal 11 is only caused by bad ram, so I installed memtest86
on my computer, and after about an hour, my RAM passed all the tests.  Could
it still be bad (It's worked fine for years), or is something else the problem?

Thanks,
Cameron Matheson

_
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Re: Bad memory (was: Linux crashes a lot)

[Philipp Schulte]

On Sat, Sep 02, 2000 at 03:21:36AM -0500, John Reinke wrote: 

> Well, I ran the memtest86 program on my computer, and it looks like I have
> some bad memory. My question is: Is it normal (safe) to have one error on a
> stick of RAM?

If you want to have a stable system then it is not safe!
But I am not sure if your memory really has errors. It might be that
you have a timing problem in your BIOS-Setup. Modern SDRAMs use
something calles SPD to determine the proper timing settings. That is
the reason why you should not use memory from different vendors or
timings.
What might going on is this: Your 64MB RAM is quite fast and it tells
the BIOS it wants to be run with fast timings. But the 32MB RAM does
not support SPD or it does not work correctly so the BIOS does not
know how to handle it and uses the fast settings of the 64MB. 
I remember about reading some BIOSes that just checked the module in
the first bank and left the others untouched.
You could try to run both modules with the slowest possible timings
and run the tests again.

For me it sound very unlikely that every address in the 32MB produces
errors so it might be a timing problem.

Phil

Re: Bad memory (was: Linux crashes a lot)

[Nate Amsden]

John Reinke wrote:
> 
> Well, I ran the memtest86 program on my computer, and it looks like I have
> some bad memory. My question is: Is it normal (safe) to have one error on a
> stick of RAM?

it's not normal but it is safe. you will have to do some modificaitons
to the configuration of the system, i do remember seeing something on
the linux-kernel mailing list about mods to the kernel(i think) that
allowed systems to run with bad memory, the system just did not use
those memory addresses. this was a bitch to track down but here's the
website for the project -
http://home.zonnet.nl/vanrein/badram/

Objective of the project

My objective is to patch the Linux kernel in such a way that it can
handle defective RAM modules. With defective RAM, I mean RAM which has
some bits wrong at some (known)
addresses. Normally, such RAM is considered useless and thrown away; the
larger RAMs get, the higher the chances of failing addresses. With ever
growing RAM sizes, it would
therefore be pleasant to have an alternative to discarding of defective
RAM chips. 


> only the 64 now, and I'll try to recreate the situation where Netscape
> crashes the entire box this weekend. Hopefully, I won't have to replace the
> 64.

least now you know its a hardware problem :) linux is good like that..i
like it's ability to be able to find questionable hardware rather
quickly, once replaced the systems usually run better then ever.

hth

nate

-- 
:::
ICQ: 75132336
http://www.aphroland.org/
http://www.linuxpowered.net/
[EMAIL PROTECTED]

Bad memory (was: Linux crashes a lot)

[John Reinke]

Well, I ran the memtest86 program on my computer, and it looks like I have
some bad memory. My question is: Is it normal (safe) to have one error on a
stick of RAM?

I've got 96MB - a 64 and a 32. I ran the program with only one RAM card in
the computer at a time. The 32 had an error for EVERY address on test six,
so I'm pretty sure that means the RAM is defective. The 64 had one error on
test six when I checked it, but nothing else. I'm running the system with
only the 64 now, and I'll try to recreate the situation where Netscape
crashes the entire box this weekend. Hopefully, I won't have to replace the
64.

john