On Tue, Aug 24, 2010 at 11:52:20PM +0900, Jean-Julien Fleck wrote:
>
> @Peter: how do you remember the couple login/password that are
> randomly chosen ? Do you store them somewhere ?

Speaking only as someone not named Peter, I use a password manager. At
the moment, what I use is pwsafe, with a little bit of convenience
scripting[1] to get around the lack of a feature or two that I rather
wish it had. I may eventually write my own password manager to replace
it, but for now I'm too lazy/busy to do so (not to mention the concern
over the possibility of writing important security applications and
getting it wrong).

>
> PS: see also http://xkcd.com/538/

Amusing reference. Rubber hose cryptanalysis *is* pretty effective, when
circumstances allow it (as in the case of the vague evil plan in the
XKCD script). On the other hand, automated brute-force attacks on SSH
passwords (for instance) are ongoing on the Internet all the time, and
as the state of the art of computer resources and of security cracking
advance, what works today to protect against the opportunists out there
may not work tomorrow. Using passwords and cryptography that might be
regarded as "excessively" strong now could just be planning for the
future so that they don't have to be changed tomorrow. Just don't expect
it to make much difference against, for instance, government agents in a
meatspace confrontation.

-- 
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]