secring and dropbox
Aaron Toponce
aaron.toponce at gmail.com
Wed Jul 20 03:32:30 CEST 2011
On Tue, Jul 19, 2011 at 08:18:16PM -0400, Kara wrote:
> > Depends entirely on the strength of your passphrase. With a strong
> > enough passphrase you could publish your secret certificates in the
> > newspaper of your choice and still be confident of their safety.
>
> Using a decent password generator and specifying a mix of upper and
> lower case letters, digits, and special characters, how many total
> characters -- as a minimum -- would you recommend such a password be?
I use https://passwordcard.org. It's 100% platform independent, and doesn't
require any software or hardware, outside of your wallet, which is likely
the mose secure possession on you. Find a starting location for your
password, pick a length and direction, and go. Of course, you're not
limited to straight lines, and you shouldn't do that anyway. Spirals,
"bouncing off walls", wrapping around the card, all sorts of options for
the direction. After typing in the password enough, you memorize it anyway.
And if someone gets access to your card, they need to know:
1. Accounts
2. Usernames
3. Starting location, direction, and length of each password
And, given the random hex string, you can reprint your card, should you
lose it.
--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 527 bytes
Desc: Digital signature
URL: </pipermail/attachments/20110719/be8081e6/attachment.pgp>
More information about the Gnupg-users
mailing list