From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-user+bounces-165586-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
by finch.gentoo.org (Postfix) with ESMTP id BBB4E138F14
for <garchives@archives.gentoo.org>; Tue, 21 Jul 2015 17:35:38 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id 67ABDE087D;
Tue, 21 Jul 2015 17:35:31 +0000 (UTC)
Received: from mail-yk0-f177.google.com (mail-yk0-f177.google.com [209.85.160.177])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by pigeon.gentoo.org (Postfix) with ESMTPS id 41076E0712
for <gentoo-user@lists.gentoo.org>; Tue, 21 Jul 2015 17:35:30 +0000 (UTC)
Received: by ykax123 with SMTP id x123so172226992yka.1
for <gentoo-user@lists.gentoo.org>; Tue, 21 Jul 2015 10:35:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=message-id:date:from:user-agent:mime-version:to:subject:references
:in-reply-to:content-type;
bh=ZpnWxQui6JbXgDqW+feuB4FUZxWfwWfYM8XpiaHTta0=;
b=xyrY/I33zRB9MnqOXJp/Y4oFOScRblTzYMCcwQWBOO+Dw3GI9WQX/Pgqx/2rCYIiZh
D45WktSIPh/IJZpJZ0/x0KOeA+O9x+AEg0/B/UuB1UFLKFEAgfzvx1v0SQNpIbdXG39h
i+ei+lUsNEUm10A0+dap8PCTYPWZjcws+a3nzpNJzg6ZGKlg34ejr2/5I0ptWO3zvT1A
y+JNLoxuhanDOVC8SPjX4CVa08WDkeA54z5JsN0odU9v+8hF4j3/iTPCF5nz9jm/7HK1
wGpK5G7S7TNenzGjVVLEFuB71ZoqOv54vTRo932ae94/pIrcsq/Bw4YrjebmtqIF5H+F
zk4A==
X-Received: by 10.129.27.15 with SMTP id b15mr19677969ywb.106.1437500129521;
Tue, 21 Jul 2015 10:35:29 -0700 (PDT)
Received: from [192.168.2.5] (adsl-98-95-109-243.jan.bellsouth.net. [98.95.109.243])
by smtp.gmail.com with ESMTPSA id i130sm23829315ywb.21.2015.07.21.10.35.28
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Tue, 21 Jul 2015 10:35:28 -0700 (PDT)
Message-ID: <55AE82DF.6070603@gmail.com>
Date: Tue, 21 Jul 2015 12:35:27 -0500
From: Dale <rdalek1967@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0 SeaMonkey/2.33.1
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Catastrophic bug in the firefox
'ProfileManager' function
References: <20150720161844.1db1d485@a6> <CAGfcS_=bXbH0erP_JTwZaN=pW_A_KbvtGZgVLO5Bganx4oO7Hg@mail.gmail.com> <55ADA326.2090707@gmail.com> <201507210853.59492.michaelkintzios@gmail.com>
In-Reply-To: <201507210853.59492.michaelkintzios@gmail.com>
Content-Type: multipart/alternative;
boundary="------------050302030007080309080003"
X-Archives-Salt: 5a465ee1-3dbc-4b3c-bef0-09d56a93a21a
X-Archives-Hash: 26995d0ad9673b6e1b4926d01b92c00b
This is a multi-part message in MIME format.
--------------050302030007080309080003
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Mick wrote:
> On Tuesday 21 Jul 2015 02:40:54 Dale wrote:
>>
>>
>> I use the random generator too. Some older sites, forums or something=
>> that isn't really sensitive, may still have my old passwords but sites=
>> like banking and such each have their own random generated one. I als=
o
>> try to generate the longest and most complex password the site will
>> allow. Some sites don't allow the characters above the number keys.
>>
>> Another thing, I was at my brothers once and needed to login to a site=
=2E
>> I installed lastpass, typed in my email and master password and I coul=
d
>> go anywhere I wanted just as if I was sitting at my own puter. If it=
>> wasn't for lastpass, I would have had to come home and do what needed
>> doing.
>>
>> So far, this is the best solution I have found and I only use the free=
>> part. ;-)
>>
>> Dale
>>
>> :-) :-)
>
> A better, as in more secure, solution should involve local encryption
and IMHO
> local air-gapped storage. A USB key will do nicely and you can have a
second
> USB key stored in your brother's premises, for disaster recovery
scenarios.=20
> This is because cloud storage:
>
> a) creates a honey pot which attracts attacks[1] and
> b) most of cloud storage is in the US.
>
> [1] https://en.wikipedia.org/wiki/LastPass#Security_issues
>
=46rom what I recall about Lasspass, it does encrypt the data locally the=
n
uploads it. I recall reading that if you lose your master password,
they can't get in it either. All they get is encrypted data. Of all
the things I read about when looking for a password manager, Lastpass
was the only thing that came close to what I wanted. After using it a
while, it is all I need.
https://lastpass.com/how-it-works=20
I've had USB sticks break before. They are also easy to lose. I'd
prefer not to store something that important on a USB stick.
Dale
:-) :-)
--------------050302030007080309080003
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Mick wrote:<br>
<span style="white-space: pre;">> On Tuesday 21 Jul 2015 02:40:54
Dale wrote:<br>
>><br>
>><br>
>> I use the random generator too. Some older sites, forums
or something<br>
>> that isn't really sensitive, may still have my old
passwords but sites<br>
>> like banking and such each have their own random
generated one. I also<br>
>> try to generate the longest and most complex password the
site will<br>
>> allow. Some sites don't allow the characters above the
number keys.<br>
>><br>
>> Another thing, I was at my brothers once and needed to
login to a site.<br>
>> I installed lastpass, typed in my email and master
password and I could<br>
>> go anywhere I wanted just as if I was sitting at my own
puter. If it<br>
>> wasn't for lastpass, I would have had to come home and do
what needed<br>
>> doing.<br>
>><br>
>> So far, this is the best solution I have found and I only
use the free<br>
>> part. ;-)<br>
>><br>
>> Dale<br>
>><br>
>> :-) :-)<br>
><br>
> A better, as in more secure, solution should involve local
encryption and IMHO <br>
> local air-gapped storage. A USB key will do nicely and you
can have a second <br>
> USB key stored in your brother's premises, for disaster
recovery scenarios. <br>
> This is because cloud storage:<br>
><br>
> a) creates a honey pot which attracts attacks[1] and <br>
> b) most of cloud storage is in the US.<br>
><br>
> [1] <a class="moz-txt-link-freetext" href="https://en.wikipedia.org/wiki/LastPass#Security_issues">https://en.wikipedia.org/wiki/LastPass#Security_issues</a><br>
></span><br>
<br>
<br>
From what I recall about Lasspass, it does encrypt the data locally
then uploads it. I recall reading that if you lose your master
password, they can't get in it either. All they get is encrypted
data. Of all the things I read about when looking for a password
manager, Lastpass was the only thing that came close to what I
wanted. After using it a while, it is all I need. <br>
<br>
<a class="moz-txt-link-freetext" href="https://lastpass.com/how-it-works">https://lastpass.com/how-it-works</a> <br>
<br>
I've had USB sticks break before. They are also easy to lose. I'd
prefer not to store something that important on a USB stick. <br>
<br>
Dale<br>
<br>
:-) :-) <br>
<br>
</body>
</html>
--------------050302030007080309080003--