I did a quick search and noticed by default pbkdf2 is not used... Check
this out,
https://security.stackexchange.com/questions/84482/do-gpg-and-openssh-use-key-stretching-on-their-keypairs
Seems worth it, but hardware solutions still seem preferable and have
anti-hammering.
On Tue, Jun 25, 2019,
On Wed, 26 Jun 2019 10:41:03 +1000, asymptosis via arch-general wrote:
>In practice, I believe any decent password cracker would start with a
>dictionary of the most common word
There are some common human patterns. In music for example it's unusual
to play a b c d, it's more common to play
On Wed, 2019-06-26 at 10:41 +1000, asymptosis via arch-general wrote:
> https://en.wikipedia.org/wiki/List_of_the_most_common_passwords
That's interesting. The most common passwords even don't contain simple
patterns as reversed words, such as "drowssap". It's funny that
"aleatoric" is a very
Thanks so far! Last two mails collected here.
First guess: hardware failure?
> Does the display work at startup? Like does it POST and do you have a boot
> loader?
Not on the external screen. That was what I expected for the UEFI setting “Post
on hdmi”.
That could lead to failed port?
> Do
> Doesn't the actual key get derived using pbkdf2 with many iterations making
> brute force of even fairly weak passphrases time consuming?
Arguing that weak passphrases are okay because the hash is strong is making
the assumption that a password cracker will perform a naive iterative
search over
On Tue, 25 Jun 2019 23:16:04 +0200, mpan wrote:
>> Randomly open a dictionary and then randomly pointing on a word,
>> repeating this a few times, is one way for an artist to get an
>> inspiration.
>>
>> I wonder how safe it is to use such a method to generate a
>> passphrase.
> An old Chinese
On Tue, 25 Jun 2019 19:07:56 -0400, Florian Wehner wrote:
>I wasn’t able to get my HDMI output running on my Lenovo X1 Carbon 6th
>gen today. I run gnome on Wayland. It has been working fine for the
>last few days but completely dead today.
Did an update affect anything?
I'm using
Driver
Doesn't the actual key get derived using pbkdf2 with many iterations making
brute force of even fairly weak passphrases time consuming? I am not sure
it is as critical as one would think. There are more secure options too
such as smart cards / hsm or ssh-ca. Maybe look into those options as well?
Does the display work at startup? Like does it POST and do you have a boot
loader? Do you have another device that you could use to check that the
cable and monitor are not the issue? What graphics card are you using and
which driver? And change to kernel or initrd?
Awhile ago I believe xf86
Hi!
I wasn’t able to get my HDMI output running on my Lenovo X1 Carbon 6th gen
today. I run gnome on Wayland. It has been working fine for the last few days
but completely dead today.
Symptom: The external display detects that an HDMI cable is connected (via
ground?) but there is no signal.
> Randomly open a dictionary and then randomly pointing on a word,
> repeating this a few times, is one way for an artist to get an
> inspiration.
>
> I wonder how safe it is to use such a method to generate a passphrase.
An old Chinese proverb says: do not invent your own crypto.
Diceware
On Tue, 2019-06-25 at 12:41 +0200, Bennett Piater wrote:
>
> On 2019-06-25 12:11, Ralf Mardorf via arch-general wrote:
> > Six words are just six words out of an assessable vocabulary.
> >
> > "This level of unpredictability assumes that a potential attacker knows
> > that Diceware has been used
On 2019-06-25 12:11, Ralf Mardorf via arch-general wrote:
Six words are just six words out of an assessable vocabulary.
"This level of unpredictability assumes that a potential attacker knows
that Diceware has been used to generate the passphrase, knows the
particular word list used, and
On Tue, 25 Jun 2019 11:53:11 +0200, mpan wrote:
>You are trying to argue, that it is OK to use pin tumbler locks in
>wooden doors, while everyone can — at nearly the same price — acquire
>10-inch steel gates with scifi eye scanners and a private army to
>defend the gate.⁽ᵗⁱⁿʸ ᵉˣᵃᵍᵍᵉʳᵃᵗⁱᵒⁿ⁾ ;)
:D
On Tue, 2019-06-25 at 11:29 +0200, Bennett Piater wrote:
> On 2019-06-25 11:09, Ralf Mardorf via arch-general wrote:
> > On Tue, 25 Jun 2019 09:35:53 +0100, Ralph Corderoy wrote:
> > > Are you familiar with https://xkcd.com/936/ ?
> >
> > Too funny, that is the method I described and while I was
> "IMO an averaged "strong" but still memorizable passphrase, even when
> following obsolete rules, is ok."
But we do not need to follow any obsolete rules anymore.
> In a follow-up email unfortunately sent after your reply, I exactly
> describe the apartment door scenario.
Which I have
On 2019-06-25 11:09, Ralf Mardorf via arch-general wrote:
On Tue, 25 Jun 2019 09:35:53 +0100, Ralph Corderoy wrote:
Are you familiar with https://xkcd.com/936/ ?
Too funny, that is the method I described and while I was writing my
email, you posted that cartoon. However, even this suffers
On Tue, 25 Jun 2019 10:57:55 +0200, mpan wrote:
> In 2015 four men have stolen equivalent of 200M GBP from Hatton
> Garden Safe Deposit. Does that mean you are not locking your door,
> because “thieves can get in anyway”?
You ignore the context of my email. I've also written:
"IMO an averaged
On Tue, 25 Jun 2019 09:35:53 +0100, Ralph Corderoy wrote:
>Are you familiar with https://xkcd.com/936/ ?
Too funny, that is the method I described and while I was writing my
email, you posted that cartoon. However, even this suffers from the
pitfall, that it is not that easy to use this mnemonic
On Tue, 2019-06-25 at 03:00 +0200, Emil Lundberg wrote:
> On Tue, 25 Jun 2019, 01:14 Ralf Mardorf via arch-general,
> wrote:
> > You want to make the packages available for general use. Does general
> > use require behavioral biometric verification and spring guns?
> >
> > Black hats are able
> Black hats are able to hack Google and Facebook, whatever you
> will do, you never ever will be able to reach the level of security
> those and the other most successful computer related companies are able
> to accomplish.
In 2015 four men have stolen equivalent of 200M GBP from Hatton Garden
On 2019-06-25 09:35:53, Ralph Corderoy wrote:
Yes, they exist.
https://www.imperialviolet.org/2018/03/27/webauthn.html is a
comprehensive introduction that will give you terms to feed Google, and
his https://www.imperialviolet.org/2017/08/13/securitykeys.html compares
some of the keys then on
Hi Manuel,
> How strong would you make this master password and where to save this
> one?
Are you familiar with https://xkcd.com/936/ ?
> And I really think that finally someone *has* to come up with some
> replacement for this password nightmare. Some kind of hardware key
> maybe.
Yes, they
23 matches