frustrate shouldservers
Jude DaShiell
jdashiel at panix.com
Sat Feb 4 11:04:39 UTC 2017
Only if you write that password down in the same way you key it in. In my
case, and I suspect the cases of others here, the compromiser would also
have to be able to read braille.

On Sat, 4 Feb 2017, Kyle wrote:
> Date: Sat, 4 Feb 2017 03:55:03
> From: Kyle <kyle4jesus at gmail.com>
> Reply-To: Linux for blind general discussion <blinux-list at redhat.com>
> To: Linux for blind general discussion <blinux-list at redhat.com>
> Subject: Re: frustrate shouldservers
>
> I still think the most secure password is the one you don't have to store
> anywhere other than in your brain. Any stored password, even the one on
> paper, can be stolen and compromised. However, I don't think anyone has yet
> found a way to steal passwords by reading thoughts. That said, any password
> should be able to be retained in memory, but also has to be complex enough
> that it can't be guessed or attacked using a dictionary. A thread came up in
> another list where translation to grade 2 braille and then to the computer
> braille symbols that have the same dot patterns was proposed. For example,
> your password could be something like ",? pass~w w 3fuse y4" which translates
> back to "This password will confuse you." On that thread, UEB was mentioned
> as a stumbling block to future attempts to translate passwords in this way,
> but if you are able to do this without computer aided translation, you may of
> course use oldschool braille rather than UEB. Other methods such as adding
> symbols to the password seem good as well, as long as any arbitrarily added
> symbols are not so complex as to make it too hard to retain in memory.
> Something like "This.is.my.password" may be easy to crack, but
> "This-is-my.new.passworde ..." may be harder, but is still easy enough for
> the user who created it to remember. On the other hand, I find that computer
> generated or overrandomized passwords are best used only as one-time
> passwords that immediately expire, as they are the easiest to compromise,
> especially long ones, due to the fact that they ultimately have to be stored
> somewhere, and probably even <gasp> copied and pasted. Those are definitely
> best sent over e-mail or other insecure channels, as they force a change, so
> you immediately know if your one-time password was compromised before you
> ever tried to use it. In such cases, it seems most secure to create a new
> password that meets the criteria above of being completely memorable by you,
> but guessable by no one else. Only you know how your brain works and how you
> best remember things, so any examples given are only examples. The most
> important thing is to employ the aid of a computer as little as possible, and
> never write the password down anywhere. Just my random thoughts.
> Sent from the starship Enterprise