search for: memorizable

...you have already worked out a good password, and memorized it. This change is not going to enforce uniqueness per server. (Though, if this server will be used via SSH, it might be a good idea to do that anyway. SSH keys ? optionally with passphrases ? are more secure than even quite a long human-memorizable password. Disable password auth and use keys.)

...d (actually cyanogen) phone I don't have to use a password at all for the phone itself, just services. > (Though, if this server will be used via SSH, it might be a good idea to > do that anyway. SSH keys ? optionally with passphrases ? are more secure > than even quite a long human-memorizable password. Disable password auth > and use keys.) Yes and it's under discussion to make keys compulsory by default rather than passwords for at least root remote logins. Hard to setup compared to a password. But once that's done it's actually easier to use. -- Chris Murphy

...hod of trust establishment, I wrote the attached patch for ssh-keygen, to derive a key from a given secret eterministically (by seeding the PRNG). The patch applies cleanly to the original 8.0p1 sources. Would you consider adding this feature to ssh-keygen? Another possible use case might be human memorizable key pairs, so I think it is not too tightly bound to our specific use case. -- You are receiving this mail because: You are watching the assignee of the bug.

On Mon, Feb 2, 2015 at 4:17 PM, Warren Young <wyml at etr-usa.com> wrote: >> > Let?s flip it around: what?s your justification *for* weak passwords? > You don't need to write them down. Or trust some 3rd party password keeper to keep them. Whereas when 'not weak' is determined by someone else in the middle of trying to complete something, you are very likely to