From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 6F372138334 for ; Tue, 5 Feb 2019 19:49:36 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9DB86E0B34; Tue, 5 Feb 2019 19:49:29 +0000 (UTC) Received: from ostrich.birch.relay.mailchannels.net (ostrich.birch.relay.mailchannels.net [23.83.209.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1298DE0B20 for ; Tue, 5 Feb 2019 19:49:28 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|tanstaafl@libertytrek.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id CF60D2837A3 for ; Tue, 5 Feb 2019 19:49:27 +0000 (UTC) Received: from pdx1-sub0-mail-a7.g.dreamhost.com (unknown [100.96.30.62]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 0C831283D9E for ; Tue, 5 Feb 2019 19:49:27 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|tanstaafl@libertytrek.org Received: from pdx1-sub0-mail-a7.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.16.2); Tue, 05 Feb 2019 19:49:27 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|tanstaafl@libertytrek.org X-MailChannels-Auth-Id: dreamhost X-Company-Occur: 77106b17784f8eb3_1549396167214_1820866656 X-MC-Loop-Signature: 1549396167214:2432015985 X-MC-Ingress-Time: 1549396167213 Received: from pdx1-sub0-mail-a7.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a7.g.dreamhost.com (Postfix) with ESMTP id 9C5258070D for ; Tue, 5 Feb 2019 11:49:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=libertytrek.org; h=subject :to:references:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=libertytrek.org; bh=o FNb3dYWIL2w5ZwT5Qomi3e8DMs=; b=M8fxMS8TTk+S2nc9WeHTDXYYwkr23OI+8 F6IeZQGdCcaVv6x1nZHwhb1Wbzhj6RavKtptxNOH8MpAl3mnwX19KeGuVcVIbx4O mikG8o7bAqQ5Qb7YQmqg5LZr7vgOxyHFYZplFj80ceG5HKCFsRzyNik7FmKumigp EHgZjP5gAk= Received: from [192.168.0.70] (unknown [204.77.234.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: tanstaafl@libertytrek.org) by pdx1-sub0-mail-a7.g.dreamhost.com (Postfix) with ESMTPSA id D81D0801E0 for ; Tue, 5 Feb 2019 11:49:21 -0800 (PST) Subject: Re: [gentoo-user] Coming up with a password that is very strong. To: gentoo-user@lists.gentoo.org References: <8d027455-f210-c399-f5a7-bfb05692cc5f@gmail.com> <203701cf-b0c8-a2d3-ab49-46fdde2ccc95@libertytrek.org> <1d42622d-ab7c-5673-3f8e-4bc52ddfcfc2@gmail.com> X-DH-BACKEND: pdx1-sub0-mail-a7 From: Tanstaafl Message-ID: <71aa9151-e07d-0838-29c9-fca0240e7af8@libertytrek.org> Date: Tue, 5 Feb 2019 14:49:19 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 In-Reply-To: <1d42622d-ab7c-5673-3f8e-4bc52ddfcfc2@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US X-VR-OUT-STATUS: OK X-VR-OUT-SCORE: 0 X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedtledrkeeigdduvdeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgdpffftgfetoffjqffuvfenuceurghilhhouhhtmecufedttdenucenucfjughrpefuvfhfhffkffgfgggjtgfgsehtkeertddtfeejnecuhfhrohhmpefvrghnshhtrggrfhhluceothgrnhhsthgrrghflheslhhisggvrhhthihtrhgvkhdrohhrgheqnecukfhppedvtdegrdejjedrvdefgedrudejtdenucfrrghrrghmpehmohguvgepshhmthhppdhhvghloheplgduledvrdduieekrddtrdejtdgnpdhinhgvthepvddtgedrjeejrddvfeegrddujedtpdhrvghtuhhrnhdqphgrthhhpefvrghnshhtrggrfhhluceothgrnhhsthgrrghflheslhhisggvrhhthihtrhgvkhdrohhrgheqpdhmrghilhhfrhhomhepthgrnhhsthgrrghflheslhhisggvrhhthihtrhgvkhdrohhrghdpnhhrtghpthhtohepghgvnhhtohhoqdhushgvrheslhhishhtshdrghgvnhhtohhordhorhhgnecuvehluhhsthgvrhfuihiivgeptd Content-Transfer-Encoding: quoted-printable X-Archives-Salt: a2faf4ec-dccd-4c8b-9a97-c077ae578b8d X-Archives-Hash: bb980de89f5ccfebc3fcb177affdbb14 On 2/4/2019, 8:10:57 PM, Dale wrote: > Tanstaafl wrote: >> I've been using a little Firefox Addon called Passwordmaker for many, >> many years, and despite all of its warts, I've been loathe to give it >> up, even though it will never be upgraded to work as a WebExtension. >> >> 2 things I loved about it - >> >> a) it doesn't save the password locally, only info about the >> site/account, and >> b) you can use an unlimited number of Master Passwords >> >> I'm looking at migrating to KeePassXC, and even though I really hate t= he >> idea of saving the actual password - Passwordmaker simply generates th= e >> password on the fly each time based on certain specified criteria (ie, >> the site URL, username, password length, etc for each account - one >> technique I adopted shortly after assisting in updating the >> Passwordmaker website eases my mind about it... >> >> This is a simple technique I strongly recommend that everyone employ, >> especially if you use a Password manager (like LastPass or KeePass)... >> >> It is uncrackable (well, as long as it isn't the CIA or NSA that wants >> to crack it and they are willing to kidnap/torture you to do so). >> >> You sit down and come up with a ... call it a 'password modification >> protocol' ... whereby, you always modify your generated/stored passwor= d >> in a specific way before pressing enter. >> >> For example, you delete characters 3, 5 and 7, then add 2 characters t= o >> the beginning and 2 to the end. >> >> It is very simple, and negates worrying about someone stealing your >> password vault. > I tried to find it just to see how it works but it isn't listed. What... Passwordmaker (the old one I still use and why I keep an old Firefox 56 portable version around)? > From what you wrote, you may want to at least check into LastPass. I did a massive amount of research (including LastPass), and settled on KeePassXC for a good reason. > Still, I'm sure there is a tool that will suite your needs. ? Its like you didn't really read my email. I already said, I'm migrating to KeePassXC. But my complaint is, nothing works like Passwordmaker (again, it doesn't store passwords, can only use one Master Password). > I'm not sure I understand what you mean password modification protocol.= =C2=A0 > It sounds like you change your master password each time you use it. No, I'm talking about the saved (or in Passwordmakers case, generated) password, not the Master Password. Doing this with the Master Password wouldn't make any sense.