Conversation
Notices
-
menherahair (menherahair@eientei.org)'s status on Tuesday, 19-Dec-2023 23:43:05 JST 
menherahair
dozens of password managers and still NO USE FOUND for anything more complex than .netrc -
Machismo (zerglingman@freespeechextremist.com)'s status on Tuesday, 19-Dec-2023 23:43:36 JST 
Machismo
@menherahair Password managers are a meme for normies that can't into keys. -
anonymous (anonymous@freespeechextremist.com)'s status on Tuesday, 19-Dec-2023 23:49:46 JST 
anonymous
@Zerglingman @menherahair keys are fine and all but I like keys and 2000 char+ passwords.
Also I often wonder if keys are really much better because it’s all digital and has to be stored somewhere. :thinking_fierce:
Machismo likes this. -
Machismo (zerglingman@freespeechextremist.com)'s status on Tuesday, 19-Dec-2023 23:51:44 JST
Machismo
@anonymous @menherahair If you can't trust your own system, I recommend you cease running proprietary software.
Keys have the advantage of not being replayable. Technically a sufficiently advanced password manager could change the password after every login, which would still be replayable in the case of a read-only mitm (lol), and also require compliance on the remote server's part.
The only reason password managers exist in the first place is because certain servers don't give a fuck. -
anonymous (anonymous@freespeechextremist.com)'s status on Tuesday, 19-Dec-2023 23:55:28 JST
anonymous
@Zerglingman @menherahair > If you can’t trust your own system I don’t trust the external world more than I don’t trust my system. In fact I trust my system more than some of my own family members.
>Keys have the advantage of not being replayable. Can’t someone just copy whatever you’re using for a key?
>certain servers don’t give a fuck. All major servers to be accurate.
Machismo likes this. -
Machismo (zerglingman@freespeechextremist.com)'s status on Tuesday, 19-Dec-2023 23:57:13 JST
Machismo
@anonymous @menherahair Your key never leaves your system (unless you are the average AWS customer and can't into keys kekw)
So paras 1 and 2 are N/A: If you trust your system that much, storing a key on it is fine. It's never going anywhere else anyway. And, nobody can copy the key unless they get into your system. Unlike with a password where the actual auth gets transported. -
anonymous (anonymous@freespeechextremist.com)'s status on Wednesday, 20-Dec-2023 00:00:38 JST
anonymous
@Zerglingman @menherahair >unless they get into your system There would be the rub. I suppose what I am saying is that keeping your authentication is good, and virtually everything I do is local so it’s sort of a non-issue for me whether my email gets hacked or whatever. I’m more concerned about if the system is compromised somehow. Everything can be hacked, and there’s always the cops who will shoot you if you try to turn your computer off because fuck you that’s why.
Machismo likes this. -
Machismo (zerglingman@freespeechextremist.com)'s status on Wednesday, 20-Dec-2023 00:01:12 JST
Machismo
@anonymous @menherahair ACAB
They'll just as soon shoot your dog because you didn't open the desk draw with the password book in it. -
menherahair (menherahair@eientei.org)'s status on Wednesday, 20-Dec-2023 00:05:02 JST
menherahair
@anonymous @Zerglingman
>I’m more concerned about if the system is compromised somehow
buy ze yubikeyMachismo likes this. -
anonymous (anonymous@freespeechextremist.com)'s status on Wednesday, 20-Dec-2023 00:05:07 JST
anonymous
@menherahair @Zerglingman Bruh malware bruh.
Machismo likes this. -
Machismo (zerglingman@freespeechextremist.com)'s status on Wednesday, 20-Dec-2023 00:05:25 JST
Machismo
@menherahair @anonymous Can't you just use your fone for that? -
anonymous (anonymous@freespeechextremist.com)'s status on Wednesday, 20-Dec-2023 00:06:35 JST
anonymous
@Zerglingman @menherahair Gross. 2FA phone nigger shit.
Nah SD and swallow man.
Machismo likes this. -
Machismo (zerglingman@freespeechextremist.com)'s status on Wednesday, 20-Dec-2023 00:07:12 JST
Machismo
@anonymous @menherahair No not like that.
Just that if you have a key stored on a USB device that device could just be whatever you have sitting around. -
Machismo (zerglingman@freespeechextremist.com)'s status on Wednesday, 20-Dec-2023 00:07:44 JST
Machismo
@menherahair @anonymous (And then you could wrangle it via some adapter so you don't have to mess with cables. Flying signals fix all problems.) -
menherahair (menherahair@eientei.org)'s status on Wednesday, 20-Dec-2023 00:08:04 JST
menherahair
@anonymous @Zerglingman got you fam https://seeeddoc.github.io/FST-01/
but I'm not sure how capable it is, so you vill buy ze yubikeyMachismo likes this. -
menherahair (menherahair@eientei.org)'s status on Wednesday, 20-Dec-2023 00:08:54 JST
menherahair
@Zerglingman @anonymous if you're worried about actors getting into your pc you probably don't want to use a phone Machismo likes this. -
Machismo (zerglingman@freespeechextremist.com)'s status on Wednesday, 20-Dec-2023 00:09:13 JST
Machismo
@menherahair @anonymous Well yeah that's fair, given how much easier PC security is. -
anonymous (anonymous@freespeechextremist.com)'s status on Wednesday, 20-Dec-2023 00:09:36 JST
anonymous
@Zerglingman @menherahair Keys outside the system is a great idea, I just don’t see the practicality of that over writing down passwords in an obscure manner. At least as far as local goes. If the system ever becomes compromised you’re fucked no matter what you did, even if you use RAM disk (at least if you encrypt anyway)
Machismo likes this.
-
All 076萌SNS content and data are available under the