Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Root825995yMy 40+ char luks disk encryption password has stopped being something I think about and just something I type. I only say scattered pieces of it in my head now. I'm amazed every time I get it right.
-
@Root careful. I have most of my secrets in muscles, I try not to remember them.
One day my muscles decided they want to forget pins of 2 bank cards. Just like that. Both in one day. Been using those pins for over a year, few times a day.
To this day I cannot recall either of those pins :/
just... Careful with that -
ArchLinux715yIts a common thing for everyone, i forgot my bank PIN.
Had to go to the nearest ATM and without even thinking, i managed to get it right in my first try. -
slashasdf445yI have this with the PIN for my debit card, if I think about it I get it wrong.
So I just stare into the void and let my finger muscles work it out. -
I use a pattern of my card numbers/exp date to remember my pin. I just remember the pattern and apply a slightly modified on other cards.
That way I just look at my card number to get the pin. -
Depending on who you're keeping things safe from, passwords backups are a smart idea.
Of course not on a post-it on your monitor at the office... but storing a list of important passwords in a physical lockbox with a physical key isn't a bad idea.
I mean LUKS disk encryption is nice in case someone steals/finds your laptop, but if you have terrorist plans on there, the question is: Will your head really last longer against a crowbar than a cheap fireproof lockbox?
https://xkcd.com/538/
The sentence password method is also pretty good for actually memorizing passwords without relying on muscle memory. Something like "thereareveryfewthingsintheworldIloveasmuchaschocolateicecream" is pretty strong as a LUKS key. -
@bittersweet And in unconstitutional rogue states like the UK, you even go to jail if you refuse to hand out the password because the right to remain silent is not valid in that shithole.
-
@Fast-Nop In which case forgetting your password might be a great security feature?
"Tell us your password, or else we break your other 8 fingers"
"I can't, I don't know the password"
"Then how do you log in?"
"Muscle memory"
"Then type it for us!"
"I can't, you broke two of my fingers already..." -
@bittersweet That's an obvious pretext. If you don't supply password evidence against yourself, you go to jail. Simple as that once "nemo tenetur" goes out of the window.
-
@Fast-Nop I'd be so screwed... I still have at least three laptops I don't know the passwords for anymore.
-
Root825995y@Fast-Nop No freedom of speech, laws against encryption, no rights to privacy, no protection against unlawful search and seizure, high taxes, jail time for e.g. calling someone a dickhead, or for fending off a robber with a kitchen knife, ... . I would never, ever live somewhere like that. Hell, I don't even want to visit it.
-
ArchLinux715y@Root
True.
earlier I used to think highly of the laws and freedoms they used to have.
right now everyone's (political leaders) loving China and wanna emulate them in some way or the other.
I would no way EVER visit such a place. -
look up lastpass or 1password apps. you could easily store all passwords and sync across all your devices, so in this case you could at least use your phone app to look up the password.
-
@zemaitis I never write down these specific passwords anywhere but for general passwords I'm thinking about a password manager as well.
Although that won't be lastpass or 1password because for this level of data I wouldn't use proprietary software in a trillion years. -
@linuxxx The unix "pass" utility is neat. DB is stored as plaintext, but the idea is that you mount it on an encrypted volume/file -- which can be synced through git/gitannex, duplicati, syncthing, s3, etc
Although, if it's really sensitive information, offline-only might be an even better approach.
AES256 might be safe now, but maybe not in 5 years -- and people might leak your secrets retroactively. Not so much a problem for changeable passwords, but your encrypted dickpics might leak.
I worked at a pharma company where we handled patents, where protocol was "assume that all crypto is already vulnerable". Many documents regarding laboratory procedures were only available on air-gapped servers, and had to be transferred to special kindle-like devices using special verified USB cables. The machines and readers were all based on open source software, but didn't even use encryption themselves... because there was armed security and detection gates at the door of the facility. -
funny thing is when you have your debit card pin mainly in muscle memory, and then you meet a payment terminal which has the other 3x3 keyboard, and you need to type in the right pin by working out how the flipped motions of your musle memory need to look.
-
global5775yLiterally can't type my passwords without muscle memory. All qwerty labels, all Dvorak keyboards. I can never log in on mobile haha
-
@TheSilent I use KeePassXC as well. I use a yubikey for a password. Password problems solved.
Holy fuck, muscle memory just saved my ass.
At a train station wanting to do some work on my mini laptop which has disk encryption (LUKS I think). Realised that I forgot the password partly 😬
Few tries.... incorrect. FUCK.
*hey, let's try to let my hands do the work based on muscle memory!*
*starts typing the password (its insanely long) and presses enter*
*succesfully unlocked, booting...*
😅
rant