Not a true greentext but I hope I have captured the spirit of it. (First time I wrote smth like this, don’t be harsh on me. >w<)

    • @Zachariah
      165 months ago

      Yes, and the master should be a passphrase not a password.

      • @[email protected]
        85 months ago

        That’s just recommended to emphasize length. If your password is as long as a passphrase it’s likely more secure (harder to remember though).

        • @Zachariah
          75 months ago

          But if the point is to remember it, then you should use the security from the length of a series of 5+ random words. It’s easier to remember, write down, and type. All great characteristics of a master passphrase.

          • @[email protected]
            85 months ago

            I don’t disagree, sorry if it sounded like I did.

            There’s just a theoretical weakness since the base word lists are usually public knowledge and bruteforcers could (and probably already have) optimize for that.

            The advantages of a passphrase outweigh that though, as you mentioned. An attacker would first need your repo anyway.

            • rockerface 🇺🇦
              65 months ago

              I’m adding obscure memes and anime references to my passphrases. Good luck bruteforcing that

              • Որբունի
                15 months ago

                Separating some of the words with random symbols also isn’t too hard to remember and no chance that can be bruteforced.

    • @[email protected]
      45 months ago

      Also, you don’t need to write it down correctly, if you remember what’s the missing or different or fake bit. And you can write down a few decoy ones next to it. Or have it in two different places. Lots of room for obfuscation along with some good old fashioned physical security on where you store the note. And the backup note off-site, if you’re that kind of person.

      Hell, just make some extra decoy ones just for fun and practice.
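
The passphrase comments above trade off length, a public word list, and symbol separators. The following is an added example, not code from any commenter: it generates a passphrase with a CSPRNG and computes its entropy on the assumption that the attacker knows both the list and the scheme. The 7776-entry list of placeholder tokens, the symbol set, and all function names are constructed for illustration.

```python
import math
import secrets

SYMBOLS = "!@#$%^&*-_=+"  # constructed separator set (12 symbols)


def make_wordlist(size=7776):
    """Constructed stand-in for a public five-dice word list (6**5 entries)."""
    return [f"word{i:04d}" for i in range(size)]


def generate(wordlist, n_words=5, symbol_separators=0):
    """Pick words uniformly at random; swap some spaces for random symbols."""
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    seps = [" "] * (n_words - 1)
    gaps = secrets.SystemRandom().sample(range(n_words - 1), symbol_separators)
    for pos in gaps:
        seps[pos] = secrets.choice(SYMBOLS)
    out = words[0]
    for sep, word in zip(seps, words[1:]):
        out += sep + word
    return out


def entropy_bits(list_size, n_words, symbol_separators=0, n_symbols=len(SYMBOLS)):
    """Entropy in bits when the list and the generation scheme are public."""
    bits = n_words * math.log2(list_size)                          # word choices
    bits += math.log2(math.comb(n_words - 1, symbol_separators))   # which gaps
    bits += symbol_separators * math.log2(n_symbols)               # which symbols
    return bits


def equivalent_random_chars(bits, alphabet=94):
    """Length of a uniformly random printable-ASCII password with >= bits."""
    return math.ceil(bits / math.log2(alphabet))


if __name__ == "__main__":
    wl = make_wordlist()
    for k in (0, 2):
        bits = entropy_bits(len(wl), 5, k)
        print(f"{generate(wl, 5, k)!r}: {bits:.1f} bits, "
              f"~{equivalent_random_chars(bits)} random characters")
```

The figures hold only for words chosen uniformly at random by the generator; words a person picks themselves do not carry the entropy computed here.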