
Comment Re:Oblig xkcd (Score 5, Interesting) 220

I've posted this before, but I want to get this idea out there:

Here's how to make your password truly secure, if you really have something you want to hide:

1) Get fifty dollar bills. Maybe get some fives and tens mixed in with them. Total cost less than $100.

2) Shuffle them into a random order.

3) Set your Truecrypt (or Veracrypt, or whatever) password to be the hundred-digit number formed by taking the two least significant digits of the bills' serial numbers, in order.

4) Keep the stack of cash next to your computer, and make sure you don't let it get out of order. If you lose - or even just drop - the stack, it's game over. If/when you find yourself starting to remember the password and able to enter it without referring to the stack, shuffle the stack and change your password.

5) If an adversary raids your house, chances are that the stack of cash will simply vanish into a pocket. And if that doesn't happen, odds are pretty good that the stack will be scrambled, especially if there are different denominations mixed in.

6) At this point, your password is well and truly gone. No amount of rubber hose cryptography can bring it back.

7) The best part about this plan is you don't have to actually do it. Your password can be your dog's name, as long as you're willing to stick to your story - and it helps if you actually keep a stack of cash next to your computer - that you did steps 1-4.

Comment I've said it before (Score 1) 560

Step 1: Acquire fifty one-dollar bills. If you're feeling especially rich, mix fives and tens in with them.

Step 2: Put them into a random order.

Step 3: Generate a password by taking the least significant two digits of each bill, in order, for a 100-digit number. Use this password to encrypt your data.

Step 4: Make sure that the bills never get out of order. Keep them in your desk drawer or another safe place.

Step 5: The cops raid your place. There is a decent chance that a small stack of cash would never make it into evidence, simply vanishing into an officer's pocket. Even if that doesn't happen, they'll catalog the money, sort it (here's where the fives and tens come in handy), and almost certainly get it out of order in the process.

Step 6: Your password is now gone. Unless the cops turned in the cash and kept it in order, it is impossible for you to tell them your password. If the bills make it into evidence, there are up to 50! (~200 bits) possible passwords. If not, there are 10^100 (~300 bits) possible passwords.

Step 7: Don't actually do steps 1-4. Just keep a small stack of cash next to your computer. Your actual password can be your cat's name. Just be willing to testify under oath that you did steps 1-4.
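An added example, not part of the comment above: it carries out step 3 and computes the size of the password space for both outcomes in step 6, counting bills whose last two digits coincide only once per distinct ordering. The function names and the serial layout (letters around a run of digits) are assumptions, and the sample serials are constructed.

```python
import math
from collections import Counter


def pair_from_serial(serial: str) -> str:
    """Return the two least significant digits of a serial, ignoring letters."""
    digits = [c for c in serial if c.isdigit()]
    if len(digits) < 2:
        raise ValueError(f"serial has fewer than two digits: {serial!r}")
    return "".join(digits[-2:])


def password_from_stack(serials) -> str:
    """Step 3: concatenate each bill's digit pair in stack order."""
    return "".join(pair_from_serial(s) for s in serials)


def bits_if_order_lost(serials) -> float:
    """log2 of the distinct passwords when the bills are known but not their order.

    Bills sharing a digit pair are interchangeable, so the count is the
    multiset permutation n! / (m_1! * m_2! * ...), not a plain n!.
    """
    counts = Counter(pair_from_serial(s) for s in serials)
    ln_count = math.lgamma(len(serials) + 1)
    ln_count -= sum(math.lgamma(m + 1) for m in counts.values())
    return ln_count / math.log(2)


def bits_if_stack_gone(n_bills: int) -> float:
    """log2 of the password space when the bills are unavailable: 10^(2n)."""
    return 2 * n_bills * math.log2(10)


if __name__ == "__main__":
    # Constructed serials (not real bills); the quadratic term makes some pairs repeat.
    stack = [f"L{(i * i * 7919 + 4242) % 10**8:08d}A" for i in range(50)]
    pw = password_from_stack(stack)
    repeats = len(stack) - len({pair_from_serial(s) for s in stack})
    print(f"password ({len(pw)} digits): {pw}")
    print(f"bills sharing a digit pair with an earlier bill: {repeats}")
    print(f"order lost, bills kept: {bits_if_order_lost(stack):.1f} bits")
    print(f"stack gone entirely:    {bits_if_stack_gone(len(stack)):.1f} bits")
```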

Comment Mine does. Somewhat. (Score 1) 572

From looking at certification chains, I can see that my employer (a state government) MITMs Google (even though GMail is blocked), and probably other sites that I haven't noticed, but they do not MITM banks, at least not the two I visit occasionally from work. I haven't done much investigation beyond that.
