Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
So apparently this guy has the infrastructure for the Linux kernel mailinglist archive sitting under his desk.
And then there was a power outage.
While he's on vacation.
Now, someone has to physically go there to enter a LUKS passphrase to let the system boot again... 🤔😂😂😂
Sometimes I don't understand people.
7 -
Yesterday and today combined I spent about 8 hours trying to get my PGP / GPG passphrase to work. Absolutely magically, somehow a newline character had gotten into the passphrase. Yes. That's possible. On macOS, that is.
On my Windows machine I have the same fucking private key protected with the same password. Now try and get a non-windows newline character into any Windows password field, be it a command line or some GUI input. WTF! You'll lose a year of your life with every passphrase error while you have the actual passphrase.
So after all these hours trying to hack my own GPG keystore without success, I remembered how the private key got on my Windows machine in the first place: see tags.4 -
Thanks openssh for responding to a malformed key, not by telling me it's malformed, but instead by asking for a passphrase on a key with no passphrase. That only cost me two hours of my life. :P1
-
it just dawned on me I could modify the fs on my arch installation usb.
i could include the passphrase for the wifi I'll be using, and a script that runs:
* wpa_supplicant and dhclient
* setfont for a bigger font (so i can see shit)
* most of the install commands that i rarely customize
* installs all my dotfiles on the target partition
i am trying out different configs for my laptop that has shitty optimus (like which one draws more power using powertop).
so i would appreciate testing these things from scratch, and automating the install helps with that6 -
Imagine the conversation with guests if you would have SSID: NotGonnaTellYou and Passphrase: DefinitelyNotGonnaTellYou#&€+'-€∆¶×✓®©✓~π|×¢✓. Fact: you can't, illegal characters in the passphrase. Duh.
-
I finally got fprintd to work on my laptop.
It's awesome to authorize sudo and polkit with a tap to the scanner rather than typing my passphrase again and again. -
I’m working on a new app I’m pretty excited about.
I’m taking a slightly novel (maybe 🥲) approach to an offline password manager. I’m not saying that online password managers are unreliable, I’m just saying the idea of giving a corporation all of my passwords gives me goosebumps.
Originally, I was going to make a simple “file encrypted via password” sort of thing just to get the job done. But I’ve decided to put some elbow grease into it, actually.
The elephant in the room is what happens if you forget your password? If you use the password as the encryption key, you’re boned. Nothing you can do except set up a brute-forcer and hope your CPU is stronger than your password was.
Not to mention, if you want to change your password, the entire data file will need to be re-encrypted. Not a bad thing in reality, but definitely kinda annoying.
So actually, I came up with a design that allows you to use security questions in addition to a password.
But as I was trying to come up with “good” security questions, I realized there is virtually no such thing. 99% of security question answers are one or two words long and come from data sets that have relatively small pools of answers. The name of your first crush? That’s easy, just try every common name in your country. Same thing with pet names. Ice cream flavors. Favorite fruits. Childhood cartoons. These all have data sets in the thousands at most. An old XP machine could run through all the permutations over lunch.
So instead I’ve come up with these ideas. In order from least good to most good:
1) [thinking to remove this] You can remove the question from the security question. It’s your responsibility to remember it and it displays only as “Question #1”. Maybe you can write it down or something.
2) there are 5 questions and you need to get 4 of them right. This does increase the possible permutations, but still does little against questions with simple answers. Plus, it could almost be easier to remember your password at this point.
All this made me think “why try to fix a broken system when you can improve a working system”
So instead,
3) I’ve branded my passwords as “passphrases” instead. This is because instead of a single, short, complex word, my program encourages entire sentences. Since the ability to brute force a password decreases exponentially as length increases, and it is easier to remember a phrase rather than a complicated amalgamation or letters number and symbols, a passphrase should be preferred. Sprinkling in the occasional symbol to prevent dictionary attacks will make them totally uncrackable.
In addition? You can have an unlimited number of passphrases. Forgot one? No biggie. Use your backup passphrases, then remind yourself what your original passphrase was after you log in.
All this accomplished on a system that runs entirely locally is, in my opinion, interesting. Probably it has been done before, and almost certainly it has been done better than what I will be able to make, but I’m happy I was able to think up a design I am proud of.8 -
when you can't generate ssh key in powershell, because the -N option (Passphrase) requires an argument.
the same works in cmd.. without error....4 -
We're supporting hardware for a new client now. A guy on my team has been working directly with the client to set up access for us all. He sent us all an email yesterday, asking us to update a ticket with our, "domain name and passphrase."
He meant user id and ssh public key, but he doesn't know enough about Linux (which he supports for a living) to know what it was called.
Top Tags
Weekly Rant
View