From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 6252B138334 for ; Sun, 10 Feb 2019 18:14:43 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 71A99E09D9; Sun, 10 Feb 2019 18:14:37 +0000 (UTC) Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 0A682E09B8 for ; Sun, 10 Feb 2019 18:14:36 +0000 (UTC) Received: by mail-qk1-x72c.google.com with SMTP id o125so5193478qkf.3 for ; Sun, 10 Feb 2019 10:14:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=ec4Pppl82nWrjul8uJnFMqaqfOnd0NCZDNglK4hyzkg=; b=vBjntg+AlMWr2hnjYjzNyzhdA5OCYWvt41neiQaIm9d3JdMB1fW32bz/wOmm7SMXxn sF2AhIN5RnAEoXUXavBEaez0n5vk7IqGPzpnWc0QVeE9SIe4b/7jbXLg7MpmkJk/2V4Y wA5gGD0UbWFFHAW1mwpHpf2Zm8PMqFM+SS82s+1VDBQ7+Fir2j5msPNCll8lxmMW+qKe WFiWsHxtKgzbrZGBepNTiksQBc7mXJ/l9nWO9Df1SW1pM9o8ZMGTehBSDy7tyeWMzQKW rRUvfPz56+ZmFDEYkkIpB9oiG7z+jRj904x1VtkHJs0vVZhBHw+D2+7WbpE7D4yUqyc1 pNDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=ec4Pppl82nWrjul8uJnFMqaqfOnd0NCZDNglK4hyzkg=; b=jAm95/jLBbJ+bv5roPr483lSVShFeQwHTil9ByeuqoG8kOmThgWa9gBasdOgOP/xYY fV8NvPy22gtcZiBQ4EHQtYa/U0I4Lv9nRdxsk3uIsDwjE0ldJfCv02xQ30HXbwE7NbqV 2skklfPtSW1W+Aj/yestbMO/j6NHwRK48PPyudRggJjYRkpmxuIEICl4IRVQtn5mva+g 2qAi6XzuiS1G7UR45ePa4cS6HrzDJAGnKR3WG2QymqUaca4Le6ppJGQmR2Esk7ubNbw1 QN6g/+URI2VBZqItbUB3QeBkjP1p8iDiu0o3vBa+p7GVU0yze1QrrS8Scqh26Jc2MUWI IScg== X-Gm-Message-State: AHQUAubSzCAObpM6GXvlouxUVTzJqpOqO2JRHFb7RmQbSBTOCIGlKKH9 iL4ziCrw6jaOoivMADHZPg5Y0rEexQVRGQKAWw2jpA== X-Google-Smtp-Source: AHgI3IaRFiAH+j8BQrwI9v8NfOfOx3mJBasIxBUtq+2BlzJtAI+ujSDXj0CLXe8wsEn0Ztljfiuael9S1hp5ZwHc7iA= X-Received: by 2002:a37:7a87:: with SMTP id v129mr24080723qkc.324.1549822475782; Sun, 10 Feb 2019 10:14:35 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 References: <8d027455-f210-c399-f5a7-bfb05692cc5f@gmail.com> <20190210191213.f143979ac631765a9dbb6837@gentoo.org> <20190210195934.8446fb0050df0e7256ef0b3b@gentoo.org> In-Reply-To: <20190210195934.8446fb0050df0e7256ef0b3b@gentoo.org> From: Mark David Dumlao Date: Mon, 11 Feb 2019 02:13:59 +0800 Message-ID: Subject: Re: [gentoo-user] Coming up with a password that is very strong. To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset="UTF-8" X-Archives-Salt: aad78f27-345b-434d-808e-12ce7f13055c X-Archives-Hash: 7a9cb9228a64cdbb803e644899d90b70 On Mon, Feb 11, 2019 at 1:00 AM Andrew Savchenko wrote: > > On Sun, 10 Feb 2019 10:27:32 -0600 Dale wrote: > > My password manager does that already. The password I was trying to > > come up with was the master password which I must easily remember, be > > secure and be easy to type. The other passwords I let the password > > manager generate and remember as well. I don't type those so they can > > be anything. > > The line above is approximately the same how I got one of my master > passwords. It is not that hard to remember 30-40 random chars. > Just try typing them several hundred times. I'm serious. That's one of the problems of secure password generation is that human memory is used backwards. Things become encoded permanently in our memory after the fact that we've repeated them several times, but most password generation utilities require you to have perfect memory first, THEN use repetition to enforce it. Both a managed password / algorithmic approach gets this more humanely. You need to first have a reliable way to generate the pssword, and if you typie it enough times, your brain will commit it to memory.