[Nottingham] The pipe dream of Password Managers

Martin martin at ml1.co.uk
Mon Jul 27 01:07:28 UTC 2015


On 26/07/15 15:09, Jason Irwin wrote:
> On 24/07/15 20:12, Martin wrote:
>> "Password managers don't have to be run 'in the cloud'
> But they do need to provide a service across devices. Something that has
> to be re-implemented and then manually held in-sync across devices is a
> PITA.
> 
> OK, so one can have a common file and use a personal instance of
> ownCloud or similar to do this but it makes it more awkward for the
> non-technical user.

Which is where I rather like the idea of using a one-way hash to
generate site/account specific unique pass-codes that depend on a
passphrase salt and the account and site url...

Then all you need is a good personally friendly but machine difficult
passphrase that you enter each time, and use the one completely open
hashing utility that is the same utility on all your devices.

No need to sync anything. No 'cloud' needed.


The only difficulty there is to package up the utility such that your
common passphrase is not exposed by a keylogger trojan or whatever...


(Anyone happy to give a talk on using YubiKeys or similar? Arduino
one-time-pass keys?! :-) )

Cheers,
Martin


-- 
- ╔═══════════════════╦══════════════════════════════════════════╗
- ║   Martin Lomas    ║ OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7 ║
- ║ martin@ ml1 co uk ║ Import from   hkp://subkeys.pgp.net   or ║
- ║ ----------------- ║ http:// ml1 .co .uk/martin_ml1_co_uk.gpg ║
- ╚═══════════════════╩══════════════════════════════════════════╝
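
The scheme described in the message above, as an added example that is not part of the original post. PBKDF2-HMAC-SHA256 stands in for the "one-way hash" (an assumption, chosen so that guessing the passphrase from one leaked pass-code is slow); the function names, iteration count, host-only normalisation and the `counter` field are likewise assumptions.

```python
import base64
import getpass
import hashlib
from urllib.parse import urlsplit

ITERATIONS = 200_000  # assumed work factor; must be identical on every device


def normalise_site(url):
    """Reduce a URL to its lowercase host so scheme, path and case do not matter."""
    host = urlsplit(url if "://" in url else "//" + url).hostname
    if not host:
        raise ValueError(f"no host name in {url!r}")
    return host.rstrip(".")


def derive_passcode(passphrase, site_url, account, counter=1, length=20):
    """Derive a site/account-specific pass-code; nothing is stored or synced."""
    fields = (normalise_site(site_url), account, str(counter))
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different salts.
    salt = b"".join(
        len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields
    )
    raw = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, ITERATIONS, dklen=32
    )
    # URL-safe base64 keeps the output typeable; 20 chars carry 120 bits.
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


if __name__ == "__main__":
    # getpass avoids echoing the passphrase; it does not defeat a keylogger.
    secret = getpass.getpass("Passphrase: ")
    site = input("Site URL: ")
    user = input("Account: ")
    # Bump counter to rotate one site's pass-code after a breach.
    print(derive_passcode(secret, site, user))
```

Because every pass-code is a function of the one passphrase, a site that leaks its stored pass-code gives an attacker material for offline guessing of that passphrase, which is why the example uses a slow derivation rather than a single hash round.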


