undefined | Better HN

0 pointsOsmium12y ago0 comments

SuperGenPass uses MD5 or SHA512 (so they do use hashes). Personally, I use bcrypt with a cryptographically random and long master password, which is something at least.

I appreciate the input and advice anyway. Security being a system of compromises, my current stance is that the security offered by a system like this, despite its flaws, is greater than a password database system (with truly random passwords) because then both I need to keep the database physically secure and trust that e.g. 1Password have designed it properly (or that my cloud provider is capable of keeping it secure). Since 1Password has apparently had potential issues in the past I don't have too much faith, but perhaps I'm being overly cynical.

Comments like yours and Groxx's help me re-evalute what I'm doing though, so maybe I will switch to proper random passwords in future. So thanks again for the input!

0 comments

lvh12y ago

I didn't say anything about any particular system. Using MD5 or SHA-512 doesn't have to be bad per se -- using them once is bad.

Also, you mention having to keep it physically secure. I don't think that's true; you can use anything you want to encrypt it, from passwords to smart cards to whatever.

You mention you have a long and cryptographically random password. I'm guessing (hoping?) that it consists of a bunch of words that are easier to remember, since humans are pretty bad at remembering things with sufficient entropy to count, particularly if they come in the form of unintelligible junk :)

j / k navigate · click thread line to collapse