[Nottingham] The pipe dream of Password Managers

Daryl daryljdudey at gmail.com
Fri Jul 24 19:24:13 UTC 2015 

The interesting part to me is VinceH. I wonder if he is Vince Hudd, an
ex-RISC OS user who posted regularly to the www.iconbar.com forums.

If so, again I'm not surprised about the small world we all live in!

Daryl.

On Fri, 24 Jul 2015 20:12 Martin <martin at ml1.co.uk> wrote:

> Folks,
>
> A slightly curious article but with a very good comment...
>
> The Register:
>
> Choc Factory research shows users just don't get security
>
> http://www.theregister.co.uk/2015/07/24/noone_can_hack_my_mind_google_experts_paper/
>
>
>
> From the comments, try this for taste for all those multiple pesky
> websites that demand that you must give them your login:
>
>
> Re: Password managers
> http://forums.theregister.co.uk/forum/containing/2581282
>
> #####
> "Password managers don't have to be run 'in the cloud' - they can be
> standalone applications running on your computer, and which should
> therefore continue running long after the developers have gone." -- VinceH
>
> Here's mine:
>
> echo -n 'mymainpassword myusernameforthewebsite thewebsitename' |
> sha256sum - | xxd -r -p | base64 | tr 'a-m' '!--' | cut -c -20 | xclip
>
> When my browser can't remember a password, I just run that script in a
> terminal, then middle key click the password input field to paste a
> twenty character password, with 6 bits of entropy per character. If you
> used the literal values in the case above it would be: 3"'MnsKA-&t74GD&,GxE
>
> For stupid accounts that insist on alphanumeric only, replace the 'tr'
> command (with something like sed "s/[+/=]//g"). The script works with
> very little modification on windows too. I also have a version that does
> a non-echoing prompt for the main password, but I tend not to bother
> with that now unless I'm aware I may be overlooked (but it's also good
> if you don't want it to end up in your shell history):
>
> read -s -p "Password:" PASSWORD && echo -n "$PASSWORD
> myusernameforthewebsite thewebsitename" | sha256sum - | xxd -r -p |
> base64 | cut -c -20 | xclip
> #####
>
>
> Note the clever use of a password salt for the generated site specific
> password...
>
>
>
> There must be an easier way to all these pesky logins!
>
> Cheers,
> Martin
>
>
> (OK, so bad pun on *nix process pipes :-P )
>
>
>
> --
> - ╔═══════════════════╦══════════════════════════════════════════╗
> - ║   Martin Lomas    ║ OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7 ║
> - ║ martin@ ml1 co uk ║ Import from   hkp://subkeys.pgp.net   or ║
> - ║ ----------------- ║ http:// ml1 .co .uk/martin_ml1_co_uk.gpg ║
> - ╚═══════════════════╩══════════════════════════════════════════╝
>
> _______________________________________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/nottingham
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/nottingham/attachments/20150724/885a89de/attachment.html>

More information about the Nottingham mailing list