Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.sys.mac.system > #137311

Re: Do you use a password manager?

From Lewis <g.kreme@kreme.dont-email.me>
Newsgroups comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc, comp.misc
Subject Re: Do you use a password manager?
Date 2021-07-20 20:13 +0000
Organization Miskatonic U
Message-ID <slrnsfebil.2a9s.g.kreme@m1mini.local> (permalink)
References <sch3ep$87h$1@dont-email.me> <sch9i1$k05$1@dont-email.me> <DbgJI.45173$h8.20921@fx47.iad> <87r1fu18j7.fsf@nosuchdomain.example.com> <8735s99z9w.fsf@LkoBDZeT.terraraq.uk>

Cross-posted to 4 groups.

Show all headers | View raw

In message <8735s99z9w.fsf@LkoBDZeT.terraraq.uk> Richard Kettlewell <invalid@invalid.invalid> wrote:
> Keith Thompson <Keith.S.Thompson+u@gmail.com> writes:
>> Alan Browne <bitbucket@blackhole.com> writes:
>>> On 2021-07-12 07:37, Wade Garrett wrote:
>> [...]
>>>> I'd like to use a password manager but I'm not comfortable with that 
>>>> data being on some server somewhere- allegedly encrypted or not.
>>>
>>> 256 bit AES encryption not good enough for you?
>>
>> The weak link is not the encryption algorithm, but the key used to
>> decrypt the data.

> There’s lots of possible weak links.

> - The key may be stored insecurely.

The key is not stored at all. The key is the password that that the user
selects.

> - If the key is derived from a password then the user may choose a weak
>   password.

Nothing anyone can do about that.

>   - It’s easy to make a bad choice of KDF.
> - The choice of cipher mode matters.

Which is why these tools are audited by third parties and you should
only use tools that have been audited.

> - For some cipher modes, how you choose the parameters matters.

Ibid.

> - Some ciphers (including AES) are prone to side channels.

Ibid.

> How much each of these matters is situational, but “256 bit AES
> encryption” is not a complete description and may indeed not be good
> enough, depending on the missing details.

Ibid.


-- 
you cannot code around infinite implementations of OCD -John C Welch

Back to comp.sys.mac.system | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 09:53 +0000
  Re: Do you use a password manager? Wade Garrett <wade@cooler.net> - 2021-07-12 07:37 -0400
    Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 07:41 -0400
    Re: Do you use a password manager? "Andy K." <andy.k466@gmail.com> - 2021-07-12 15:14 +0200
      Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:45 +0000
    Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-12 15:17 +0000
      Re: Do you use a password manager? Lamey <lametroll@invalid.invalid> - 2021-07-12 09:36 -0600
        Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:46 +0000
        Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:43 -0400
    Re: Do you use a password manager? Rich <rich@example.invalid> - 2021-07-12 15:40 +0000
    Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 11:52 -0700
      Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-12 19:58 +0000
        Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 13:15 -0700
          Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 16:27 -0400
            Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 13:48 -0700
              Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 17:14 -0400
                Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 14:43 -0700
                Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 18:11 -0400
                Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 15:52 -0700
                Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 19:18 -0400
                Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 16:57 -0700
                Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 20:25 -0400
                Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 21:41 -0700
                Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:10 +0000
                Re: Do you use a password manager? Rich <rich@example.invalid> - 2021-07-13 01:08 +0000
                Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-13 14:43 +0000
                Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-13 15:59 +0000
                Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-13 13:55 -0700
          Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-13 15:48 +0000
            Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:04 +0000
    Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-07-16 16:34 +0300
      Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 15:06 +0000
        Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-16 20:10 +0000
          Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 21:51 +0000
            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-16 22:05 +0000
              Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 22:19 +0000
      Re: Do you use a password manager? Wade Garrett <wade@cooler.net> - 2021-07-16 11:19 -0400
    Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:42 -0400
      Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-19 11:08 -0700
        Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-19 14:12 -0400
        Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-19 20:07 +0000
          Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-19 14:15 -0700
        Re: Do you use a password manager? Richard Kettlewell <invalid@invalid.invalid> - 2021-07-20 09:15 +0100
          Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-20 20:13 +0000
        Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-20 16:39 -0400
          Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-20 15:52 -0700
  Re: Do you use a password manager? Jolly Roger <jollyroger@pobox.com> - 2021-07-12 15:28 +0000
    Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:51 +0000
      Re: Do you use a password manager? Jolly Roger <jollyroger@pobox.com> - 2021-07-13 17:15 +0000
        Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-13 19:07 +0000
  Re: Do you use a password manager? Oregonian Haruspex <no_email@invalid.invalid> - 2021-07-14 01:29 +0000
    Re: Do you use a password manager? % <pursent100@gmail.com> - 2021-07-13 18:43 -0700
      Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:00 +0000
  Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:40 -0400
    Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-22 08:52 +0000
      Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-22 09:52 -0400
        Re: Do you use a password manager? Unbreakable Disease <unbreakable@danwin1210.me> - 2021-07-27 11:27 +0000
          Re: Do you use a password manager? Your Name <YourName@YourISP.com> - 2021-07-28 08:30 +1200
            Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-27 17:30 -0400
            Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-27 22:47 +0000
              Re: Do you use a password manager? Your Name <YourName@YourISP.com> - 2021-07-28 15:40 +1200
                Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-28 08:41 +0000
                Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-28 12:35 +0000
            Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-07-28 10:52 +0300
            Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-28 17:45 +0000
            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-28 22:30 +0000
              Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-28 18:56 -0400
                Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-29 07:38 +0000
  Re: Do you use a password manager? Dreamer In Colore <dreamerincolore@hotmail.com> - 2021-07-21 13:28 -0400
    Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-21 12:31 -0700
      Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-21 21:00 +0000
        Re: Do you use a password manager? Ben Bacarisse <ben.usenet@bsb.me.uk> - 2021-07-22 01:23 +0100
          Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-22 08:46 +0000

csiph-web