[Cryptography] Low-tech password safe was: Passwords (Smallest feasible work factor today?)
Ray Dillinger
bear at sonic.net
Wed Sep 14 23:41:01 EDT 2022
On 9/14/22 01:26, Ralf Senderek wrote:
>
>> It is true that the *REST* of the system will still leak like a
>> sieve. But at least there are feasible alternatives to worrying about
>> the security of the password management device itself.
>
> But if you recommend this as a better password manager its security
> vanishes when being used.
>
Couldn't I use exactly the same argument to say that the security of an
electronic password manager vanishes when being used?
And couldn't I state truthfully that an electronic password manager, as
far as the user is actually able to tell or check, is potentially
subject to electronic leaking at any time while the user *can* tell and
check that passwords kept in the lockbox are not?
Seriously, if your key manager were *BROADCASTING YOUR KEYS ON WIFI* it
would look exactly the same to your poor mortal senses. Why do you trust
that it's not? Can you list all the human beings you had to trust in
order to reach that conclusion, and the reasons why you trust each one
of them?
If you genuinely don't care that your password management device may
leak, you may as well tattoo your passwords on your forehead.
Bear
More information about the cryptography
mailing list