[Discuss] Password managers

Kent Borg kentborg at borg.org
Wed May 6 20:26:17 EDT 2020


On 5/6/20 7:58 PM, Rich Pieri wrote:
> Proof against dictionary and rainbow table attacks against compromised
> account databases,

Why do you care about rainbow attacks? Once a site is so badly 
compromised that an attacker has the account database...what difference does 
it make if your plaintext password can be acquired? They are so owned.

Unless you have reused that password elsewhere...

> and making brute force attacks against my accounts
> take longer than the low hanging fruit.

I'm content to have password lives that are on-order similar to my life. 
I don't see the purpose in password lives that are on-order matched to 
longer than the expected life of the universe.

> I call straw man. My passwords are not used by a human being beyond
> generation and copy-pasting into my vaults. Therefore, human-centric
> constraints such as being memorable are unnecessary. Therefore, there
> is no actual cost or loss of security.

Which is near where we started. By having passwords so cumbersome that 
they require convenience-driven password management you are betting that 
your password manager software is, for some magical reason, bug-free.

-kb


