|
|
|
|
|
|
by dchest
4350 days ago
|
|
|
Disregarding security of this particular implementation and trade offs, the problem is that while it's a simple solution, it's not convenient: password managers are more usable. I'm saying this as a guy who wrote similar password generator once, and used it for some time, then switched to a password manager. When you need to change a password for some website, you'll have to add something to your "door id", e.g. a counter. Then you'll have to remember such counters for every website where you decide to change password. Due to this I was a bit reluctant to change passwords, which is dangerous. If you want simplicity, the simpler and more convenient solution is to keep an encrypted text file. -- As for security, the best approach to deterministic password generators I've seen is this: http://www.cs.utexas.edu/~bwaters/publications/papers/www200... (Today you'll want to use scrypt as the hash, though). |
|
|
I used to have an encrypted list of passwords, but I was reliant on more complicated software to encrypt and decrypt the password file. Also there was more bookkeeping involved. Whenever I added a password I had to remember to save and encrypt the file and then decrypt it again to verify that I had use the right master password.