[ale] evernote security breach

JD jdp at algoloma.com
Mon Mar 4 19:56:21 EST 2013


On 03/04/2013 06:54 PM, Jay Lozier wrote:
>>
> I tend to use very long gibberish passwords (KeePassX) that include any keyboard
> character including punctuation. I consider 15 characters unacceptably short.

This.

KeePass v1.x on Windows
KeePassX on Linux
KeePassDroid on Android

They all share the same binary DB.  Easy to rsync everywhere, though I suppose
if you trust 3rd parties, something like Dropbox could do it too.

If I am not going to type the password, and I don't with KeePass - why not use
something long, random, unique, if it is allowed?  My default is 44 chars. Only
after that is rejected and I carefully read the requirements will I limit the
alphabet.

I consider anything less than 20 characters weak.

Look up "Pure Hate's password cracking" presentation and you'll never use
anything less than 15 characters again.

My passwords are not just for today, but I'm trying to be reasonably secure for
that data for the next 20 yrs.  People are recording and saving encrypted
traffic today to be cracked in the future.  They are working on encrypted
traffic from 15 yrs ago now - AND being successful.
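
An added example, not part of the message above: a generator that follows the approach described (44 random characters from the full keyboard set, narrowing the alphabet only when a site rejects the result) and reports the entropy that each choice gives. The function names and the `accepts` callback, which stands in for a site's password policy, are assumptions made for this sketch.

```python
import math
import secrets
import string

# Alphabets, widest first. The labels are assumptions made for this example.
ALPHABETS = {
    "full": string.ascii_letters + string.digits + string.punctuation,  # 94 symbols
    "alnum": string.ascii_letters + string.digits,                      # 62 symbols
    "digits": string.digits,                                            # 10 symbols
}

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def min_length(bits, alphabet_size):
    """Shortest length over a given alphabet that reaches `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))

def generate(length=44, alphabet="full"):
    """Draw every character independently from the OS CSPRNG."""
    chars = ALPHABETS[alphabet]
    return "".join(secrets.choice(chars) for _ in range(length))

def generate_for_site(accepts, length=44, retries=20):
    """Try the widest alphabet first and narrow it only after rejection.

    `accepts` is a hypothetical callable modelling the site's policy check.
    Retries cover policies a random draw can miss by chance (e.g. "needs a digit").
    """
    for name in ALPHABETS:
        for _ in range(retries):
            candidate = generate(length, name)
            if accepts(candidate):
                return name, candidate
    raise ValueError("no alphabet satisfies the policy at this length")

if __name__ == "__main__":
    for n in (15, 20, 44):
        print(f"{n} chars, full alphabet: {entropy_bits(n, 94):.1f} bits")
    # Constructed policy: letters and digits only.
    name, pw = generate_for_site(lambda p: p.isalnum())
    print(f"site accepted the '{name}' alphabet: {entropy_bits(len(pw), 62):.1f} bits")
    print("alnum length matching 44 full-alphabet chars:",
          min_length(entropy_bits(44, 94), 62))
```
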


