
"long sequence of words that are trivial for me to remember"

I also thought so until I suddenly forgot a master password I have been using for several years. Luckily, I was able to recollect it after several days. Then, I forgot it again.

Age, decease and head trauma can happen.



By "long sequence of words that are trivial for me to remember" I meant concatenation of secret questions, like in the bounty example: https://mprimi.github.io/portable-secret/examples/bounty.htm...

Unless I hit my head really hard, there's zero chance I will forget this passphrase.


Keys should be random. The hints make it too easy. Let's say there exist 100 male names and 100 female names, that's just 100*100 combinations for names part. You could make the key generation intentionally slow though to limit the crack speed.


> You could make the key generation intentionally slow though to limit the crack speed.

An attacker keen enough to brute-force can easily copy the ciphertext, IV, and salt to a tool that doesn't have a slowdown. Or, just modify the JS to remove the artificial slowdown.


Presumably they are using some KDF (Key derivation function) that is designed to be algorithmically slow in some way that you can't trivially sidestep.


This is an old problem: how to slow down the hashing. https://en.wikipedia.org/wiki/Bcrypt
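
The distinction the comments above draw between an artificial delay and an algorithmically slow KDF, as an added example that is not part of the thread or of the tool under discussion. It assumes PBKDF2-HMAC-SHA256 as the KDF (the thread does not say which one the tool uses); the salt, function names and iteration counts are constructed for illustration.

```python
import hashlib
import math
import time

# Constructed values for illustration; not taken from the thread or any real tool.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
KEY_LEN = 32  # bytes, e.g. an AES-256 key


def derive_key(passphrase: str, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 (assumed KDF). The iteration count is part of the
    key's definition: a different count yields a different key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), SALT, iterations, KEY_LEN)


def derive_key_with_delay(passphrase: str, delay_s: float) -> bytes:
    """One cheap iteration padded with a sleep. The delay is outside the math,
    so any reimplementation that omits it gets the same key."""
    time.sleep(delay_s)
    return derive_key(passphrase, 1)


def keyspace_bits(*choices_per_answer: int) -> float:
    """Entropy in bits of a passphrase built from independent answers."""
    return sum(math.log2(n) for n in choices_per_answer)


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measured cost of one derivation on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"probe-{i}", iterations)
    return (time.perf_counter() - start) / samples


def worst_case_seconds(candidates: int, per_guess_s: float) -> float:
    """Time to run the KDF once for every candidate passphrase."""
    return candidates * per_guess_s


if __name__ == "__main__":
    candidates = 100 * 100  # the two-name example from the thread
    print(f"two names: {keyspace_bits(100, 100):.1f} bits; random 128-bit key: 128 bits")
    for iters in (1, 100_000, 600_000):
        cost = seconds_per_guess(iters)
        total = worst_case_seconds(candidates, cost)
        print(f"{iters:>7} iterations: {cost * 1000:8.2f} ms/guess, full keyspace {total:9.1f} s")
```

The iteration count multiplies the cost of every guess but adds no entropy, so a small hint-derived keyspace stays small however slow the KDF is.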


> decease

That one makes passwords vanish from one's memory quite effectively.



