
I use a diceware[0] passphrase for my Keepass database. I was inspired heavily by XKCD comic 936[1]. My only issue with password managers is that they are a single point of failure and are juicy targets for hackers, so I usually vet them and audit them thoroughly before I use them. I am one of those rare people that actually looks at the source code of password managers to look for flaws in the implementation (I sometimes spot flaws and duly report them to the maintainers).

One caveat to diceware I never liked is how it wears out the keyboard over time as you have to type the same passphrase each time to open the vault (You would be surprised how many times I need to do this each day). I sometimes have to lock my database to avoid evil maid attacks when in a hotel for example. Of course I go through about three keyboards a year because of this, but I don't mind the cost if it gives me a crispy fresh keyboard each time. And did I mention I don't own merely one encrypted database, but many depending on different contexts and different devices?

[0] https://en.wikipedia.org/wiki/Diceware

[1] https://www.xkcd.com/936/
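For readers unfamiliar with how Diceware actually works, the following is an added example (not the commenter's code): each word is selected by rolling dice and looking the roll up in a wordlist, and the passphrase strength follows from the list size alone. The 36-word two-dice wordlist below is a constructed toy stand-in for a real five-dice list (6**5 = 7776 words); the entropy function is parameterised so the real numbers, and the 2048-word XKCD 936 scheme, can be computed as well.

```python
import math
import secrets
from itertools import product

# Constructed toy wordlist: 36 words keyed by two-dice rolls "11".."66".
# A real Diceware list uses five dice (6**5 = 7776 words); the mechanics are identical.
TOY_WORDS = (
    "acid bald cane dart echo fern gale hawk iris jade kelp lamp mint nest "
    "oath pear quay rust sage tide urge vale wasp yarn zinc amber brick "
    "cedar dune elm flint grove hazel ivory juniper knot"
).split()


def build_wordlist(words, n_dice):
    """Key each word by a dice-roll string in order: '11', '12', ..., '66'."""
    keys = ["".join(map(str, roll)) for roll in product(range(1, 7), repeat=n_dice)]
    if len(words) != len(keys):
        raise ValueError(f"need exactly {len(keys)} words for {n_dice} dice, got {len(words)}")
    return dict(zip(keys, words))


TOY_WORDLIST = build_wordlist(TOY_WORDS, n_dice=2)


def roll_dice(n_dice):
    """Roll n_dice fair dice using the OS CSPRNG; returns e.g. '31' for two dice."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))


def passphrase_from_rolls(rolls, wordlist):
    """Map each dice-roll string to its word (raises KeyError on an invalid roll)."""
    return " ".join(wordlist[r] for r in rolls)


def generate_passphrase(n_words, wordlist, n_dice):
    """Roll the dice n_words times and join the looked-up words with spaces."""
    return passphrase_from_rolls([roll_dice(n_dice) for _ in range(n_words)], wordlist)


def entropy_bits(n_words, list_size):
    """Entropy of n_words chosen uniformly and independently from list_size words."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print(generate_passphrase(4, TOY_WORDLIST, n_dice=2))
    print(f"real Diceware, 6 words: {entropy_bits(6, 6**5):.1f} bits")   # about 77.5
    print(f"XKCD 936 style, 4 words from 2048: {entropy_bits(4, 2048):.1f} bits")  # 44.0
```

Each word from a full Diceware list adds about 12.9 bits, so six words give roughly 77.5 bits, against 44 bits for the four-word, 2048-word scheme in XKCD 936.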

So you're saying that if I get access to your current keyboard or any of your former ones, I can get all of the keys used in typing your master password just by looking at the wear pattern? Hey, thanks for the tip!

Your switches/keycaps must be kind of crappy if there's that much wear on them from typing the same thing often.

I guess you could switch keycaps at a much lower cost, depending on your keyboard model. If those are blank, randomly shuffling them around might be enough as well (if you can do without the new keyboard, and don't think that an attacker would look at the key-switch wear).

This is also something I see quite often on mobile phones with a PIN/pattern unlock: you can often infer the PIN from the wear pattern, or from the grease marks on the screen if the phone was used recently.

My keycap wear pattern more or less mirrors the letter frequency in the languages I write.
