Re: [gentoo-user] Some mailing list emails not making it to me.

2023-09-20 Thread Dale
Neil Bothwick wrote:
> On Wed, 20 Sep 2023 16:38:32 -0500, Dale wrote:
>
>> Any one else seeing this?  Is it just me? 
> It's usually just you, you do have an exceptional knack for breaking
> things - and I've not even used the H word :)
>
>


I've been getting these the past week or so.  Around the same time emails
started arriving late.  May not be related but might be.  Rest is a copy
and paste of it. 


mx.google.com rejected your message to the following email addresses:

ynas...@gmail.com
Your message wasn't delivered because the recipient's email provider
rejected it.

mx.google.com gave this error:
This mail is unauthenticated, which poses a security risk to the sender
and Gmail users, and has been blocked. The sender must authenticate with
at least one of SPF or DKIM. For this message, DKIM checks did not pass
and SPF check for [gmail.com] did not pass with ip:
[2a01:111:f400:7e0d::205]. The sender should visit
https://support.google.com/mail/answer/81126#authentication for
instructions on setting up authentication.
l15-20020aa7d94f00b0052328243febsi388450eds.153 - gsmtp

Diagnostic information for administrators:

Generating server: AS1P251MB0432.EURP251.PROD.OUTLOOK.COM

ynas...@gmail.com
mx.google.com
Remote server returned '550-5.7.26 This mail is unauthenticated, which
poses a security risk to the 550-5.7.26 sender and Gmail users, and has
been blocked. The sender must 550-5.7.26 authenticate with at least one
of SPF or DKIM. For this message, 550-5.7.26 DKIM checks did not pass
and SPF check for [gmail.com] did not pass 550-5.7.26 with ip:
[2a01:111:f400:7e0d::205]. The sender should visit 550-5.7.26
https://support.google.com/mail/answer/81126#authentication for 550
5.7.26 instructions on setting up authentication.
l15-20020aa7d94f00b0052328243febsi388450eds.153 - gsmtp'

Original message headers:


Dale

:-)  :-) 
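
A triage helper for the bounce pasted in the message above, added here as an example (not part of the original post): it strips the `550-5.7.26` markers left inside the remote server's reply and pulls out the fields a mail administrator needs. The dict keys are illustrative names; the status-code descriptions follow RFC 3463 and RFC 7372.

```python
import ipaddress
import re

# Remote-server text exactly as it appears in the bounce quoted above.
BOUNCE = """Remote server returned '550-5.7.26 This mail is unauthenticated, which
poses a security risk to the 550-5.7.26 sender and Gmail users, and has
been blocked. The sender must 550-5.7.26 authenticate with at least one
of SPF or DKIM. For this message, 550-5.7.26 DKIM checks did not pass
and SPF check for [gmail.com] did not pass 550-5.7.26 with ip:
[2a01:111:f400:7e0d::205]. The sender should visit 550-5.7.26
https://support.google.com/mail/answer/81126#authentication for 550
5.7.26 instructions on setting up authentication.
l15-20020aa7d94f00b0052328243febsi388450eds.153 - gsmtp'"""

# "550-5.7.26 " or "550 5.7.26 ": the reply code plus enhanced status code that
# prefixed every line of the multi-line SMTP reply before it was re-wrapped.
MARKER = re.compile(r"\b([245]\d{2})[- ]([245]\.\d{1,3}\.\d{1,3})\s+")

# RFC 3463 status classes.
CLASS_MEANING = {
    "2": "success",
    "4": "persistent transient failure",
    "5": "permanent failure",
}
# Subset of the authentication codes registered by RFC 7372.
AUTH_DETAIL = {
    "7.20": "no passing DKIM signature found",
    "7.23": "SPF validation failed",
    "7.26": "multiple authentication checks failed",
}


def parse_auth_bounce(raw: str) -> dict:
    """Return the actionable fields of an authentication-related bounce."""
    flat = " ".join(raw.split())            # undo the mail client's line wrapping
    markers = MARKER.findall(flat)
    if not markers:
        raise ValueError("no SMTP reply code found")
    if len(set(markers)) != 1:
        raise ValueError(f"inconsistent reply codes: {sorted(set(markers))}")
    reply_code, enhanced = markers[0]
    text = MARKER.sub("", flat)             # readable sentence without the markers

    spf = re.search(r"SPF check for \[([^\]]+)\] did not pass", text)
    ip = re.search(r"with ip: \[([^\]]+)\]", text)
    url = re.search(r"https?://\S+", text)
    client = ipaddress.ip_address(ip.group(1)) if ip else None
    status_class, _, detail = enhanced.partition(".")

    return {
        "reply_code": reply_code,
        "enhanced": enhanced,
        "permanent": status_class == "5",   # retrying unchanged will not help
        "class_meaning": CLASS_MEANING.get(status_class, "unknown"),
        "detail_meaning": AUTH_DETAIL.get(detail, "unlisted"),
        "dkim_failed": "DKIM checks did not pass" in text,
        "spf_domain": spf.group(1) if spf else None,
        "client_ip": str(client) if client else None,
        "ip_version": client.version if client else None,
        "help_url": url.group(0) if url else None,
        "markers_removed": len(markers),
    }


if __name__ == "__main__":
    for key, value in parse_auth_bounce(BOUNCE).items():
        print(f"{key:16} {value}")
```

The `spf_domain` and `client_ip` fields are the pair to compare against the domain's published SPF record: the check was made for gmail.com, while the connecting address is the one reported next to the outlook.com generating server.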



Re: [gentoo-user] Some mailing list emails not making it to me.

2023-09-20 Thread Dale
Neil Bothwick wrote:
> On Wed, 20 Sep 2023 16:38:32 -0500, Dale wrote:
>
>> Any one else seeing this?  Is it just me? 
> It's usually just you, you do have an exceptional knack for breaking
> things - and I've not even used the H word :)
>
>


Yea, let's not get into the H thing.  That thing still gets on my
nerve.  I had to reboot.  :-@ 

It may be.  It makes it hard to track a thread when something is
missing.  I can't reply to something I don't have, yet.  Plus people
snip stuff, and it is needed most of the time, so I can't fill in the
blanks as to what is missing. 

Weird tho. 

Dale

:-)  :-) 



Re: [gentoo-user] Some mailing list emails not making it to me.

2023-09-20 Thread Neil Bothwick
On Wed, 20 Sep 2023 16:38:32 -0500, Dale wrote:

> Any one else seeing this?  Is it just me? 

It's usually just you, you do have an exceptional knack for breaking
things - and I've not even used the H word :)


-- 
Neil Bothwick

Hard work has a future payoff. Laziness pays off NOW!




Re: [gentoo-user] Some mailing list emails not making it to me.

2023-09-20 Thread Dale
Dale wrote:
> Howdy,
>
> Anyone else noticing they are missing some emails on this list?  I
> missed one the other day, Michael I think it was, and I just missed
> another one, yet to arrive, from Neil on the ext4 move thread by Grant.
> I see Grant's reply to Neil but the message from Neil is not here yet. 
> It may arrive later.  The other one did. 
>
> Any one else seeing this?  Is it just me? 
>
> Dale
>
> :-)  :-) 
> .
>


Neil's email that was missing, just arrived.  This is odd. 

Dale

:-)  :-) 



[gentoo-user] Re: How to move ext4 partition

2023-09-20 Thread Grant Edwards
On 2023-09-20, Frank Steinmetzger  wrote:
> On Wed, Sep 20, 2023 at 10:57:00PM +0100, Victor Ivanov wrote:
>
>> On Wed, 20 Sept 2023 at 22:29, Grant Edwards  
>> wrote:
>> >
>> > That depends on how long it takes me to decide on tar vs. rsync and
>> > what the appropriate options are.
>> 
>> I've done this a number of times for various reasons over the last 1-2
>> years, most recently a few months ago due to hard drive swap, and I
>> find tar works just fine:
>> 
>> $ tar -cpf /path/to/backup.tar --xattrs --xattrs-include='*.*' -C / .
>
> Does that stop at file system boundaries (because you tar up '/')? I think 
> it must be, otherwise you wouldn’t use it that way.
> But when copying a root file system, out of habit I first bind-mount it in a 
> subdirectory and tar/rsync from there instead. This will also make files 
> visible which might be hidden under an active mount.

The partition/fs being backed up isn't live (it's mounted, but it's
not the root partition of the host doing the backup), so nothing is
mounted within it and there aren't any /proc or /sys entries in
it. So, in this case there's no need to worry about crossing
filesystem boundaries.

--
Grant







Re: [gentoo-user] Re: How to move ext4 partition

2023-09-20 Thread Neil Bothwick
On Wed, 20 Sep 2023 21:28:29 - (UTC), Grant Edwards wrote:

> > you may as well then restore from that backup. I'm sure it will be a
> > lot quicker than GParted's moving all the data around.  
> 
> That depends on how long it takes me to decide on tar vs. rsync and
> what the appropriate options are. After 40 years using Unix, you'd
> think I'd know that (or have it written down somewhere). :)

If you'd written everything down, after 40 years you'd have so many bits of
paper you wouldn't be able to find anything ;-)
 
> That said, I think I will go with the backup, repartition, restore
> method. It's been many, many years since I used GParted, and I can
> probably have the whole job done from the command-line before I can
> figure out how the GParted GUI works.

:)


-- 
Neil Bothwick

The facts, although interesting, are usually irrelevant.




[gentoo-user] Re: How to move ext4 partition

2023-09-20 Thread Grant Edwards
On 2023-09-20, Victor Ivanov  wrote:
> On Wed, 20 Sept 2023 at 22:29, Grant Edwards  
> wrote:
>>
>> That depends on how long it takes me to decide on tar vs. rsync and
>> what the appropriate options are.
>
> I've done this a number of times for various reasons over the last 1-2
> years, most recently a few months ago due to hard drive swap, and I
> find tar works just fine:
>
> $ tar -cpf /path/to/backup.tar --xattrs --xattrs-include='*.*' -C / .
>
> Likewise to extract, but make sure "--xattrs" is present

Yep, that's pretty much what I decided on based on the tar command
shown at

   https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Stage

Interestingly, the Arch Linux Wiki recommends using bsdtar because
"GNU tar with --xattrs will not preserve extended attributes".

> Provided backup space isn't an issue, I wouldn't bother with
> compression. It could be a lot quicker too depending on the size of
> your root partition.

Both the drive being "fixed" and the backup drive are in a USB3
attached dual slot drive dock, so I'm thinking compression might be
worthwhile.

> Just make sure you update /etc/fstab and bootloader config file with
> the new filesystem UUID or partition indices.

I always forget one or the other until after I try to boot the first
time.  That's why I keep systemrescuecd and Gentoo minimal install
USB drives on hand.

--
Grant






[gentoo-user] Re: How to move ext4 partition

2023-09-20 Thread Grant Edwards
On 2023-09-20, Wol  wrote:

> Or, assuming the people who wrote gparted have two brain cells to rub 
> together, I'm pretty sure they use the same technique as memmove.
>
> "If the regions overlap, make sure you start from whichever end won't 
> overwrite the source, otherwise start at whichever end you like".
>
> Barring screw-ups (a very unsafe assumption :-), I'm pretty certain you 
> don't even need a backup!
>
> I suspect the man-page even confirms this behaviour.

Not that I could see.  The only mention of "move" on the man page is
in this list of features.

With gparted you can accomplish the following tasks:
  - Create a partition table on a disk device.
  - Enable and disable partition flags such as boot and hidden.
  - Perform actions with partitions such as create, delete,
resize, move, check, label, copy, and paste.

Assuming GParted is smart enough to do overlapping moves, is it smart
enough to only copy filesystem data and not copy "empty" sectors?
According to various forum posts, it is not: moving a partition copies
every sector. [That's certainly the obvious, safe thing to do.]

The partition in question is 200GB, but only 7GB is used, so I think
backup/restore is the way to go...

--
Grant








Re: [gentoo-user] Re: How to move ext4 partition

2023-09-20 Thread Frank Steinmetzger
On Wed, Sep 20, 2023 at 10:57:00PM +0100, Victor Ivanov wrote:

> On Wed, 20 Sept 2023 at 22:29, Grant Edwards  
> wrote:
> >
> > That depends on how long it takes me to decide on tar vs. rsync and
> > what the appropriate options are.
> 
> I've done this a number of times for various reasons over the last 1-2
> years, most recently a few months ago due to hard drive swap, and I
> find tar works just fine:
> 
> $ tar -cpf /path/to/backup.tar --xattrs --xattrs-include='*.*' -C / .

Does that stop at file system boundaries (because you tar up '/')? I think 
it must be, otherwise you wouldn’t use it that way.
But when copying a root file system, out of habit I first bind-mount it in a 
subdirectory and tar/rsync from there instead. This will also make files 
visible which might be hidden under an active mount.

This is not necessary if you do it from a live system, but then you wouldn’t 
tar up / in the first place.

> Likewise to extract, but make sure "--xattrs" is present
> 
> Provided backup space isn't an issue, I wouldn't bother with
> compression. It could be a lot quicker too depending on the size of
> your root partition.

Or not, depending on the speed of the backup device. ;-)
LZO compression (or zstd with a low setting) has negligible CPU cost, but 
can lower the file size quite nicely, especially with large binaries or debug 
files.

-- 
Grüße | Greetings | Salut | Qapla’
Please do not share anything from, with or about me on any social network.

Do you steel taglines, too?




Re: [gentoo-user] Controlling emerges

2023-09-20 Thread Wol

On 18/09/2023 17:13, Alan McKinnon wrote:



On Mon, Sep 18, 2023 at 6:03 PM Peter Humphrey wrote:

On Monday, 18 September 2023 14:48:46 BST Alan McKinnon wrote:
 > On Mon, Sep 18, 2023 at 3:44 PM Peter Humphrey wrote:
 > > It may be less complex than you think, Jack. I envisage a package being
 > > marked as solitary, and when portage reaches that package, it waits until
 > > all current jobs have finished, then it starts the solitary package with
 > > the environment specified for it, and it doesn't start the next one until
 > > that one has finished.
 > > The dependency calculation shouldn't need to be changed.
 > >
 > > It seems simple the way I see it.
 >
 > How does that improve emerge performance overall?

By allocating all the system resources to huge packages while not flooding
the system with lesser ones. For example, I can set -j20 for webkit-gtk today
without overflowing the 64GB RAM, and still have 4 CPU threads available to
other tasks. The change I've proposed should make the whole operation more
efficient overall and take less time.

As things stand today, I have to make do with -j12 or so, wasting time and
resources. I have load-average set at 32, so if I were to set -j20 generally
I'd run out of RAM in no time. I've had many instances of packages failing to
compile in a large update, but going just fine on their own; and I've had
mysterious operational errors resulting, I suspect, from otherwise undetected
miscompilation.

Previous threads have more detail of what I've tried already.


I did read all those but no matter how you move things around you still 
have only X resources available all the time.
Whether you just let emerge do its thing or try get it to do big 
packages on their own, everything is still going to use the same number 
of cpu cycles overall and you will save nothing.


Except a big chunk off your power bill ... a system under stress uses 
more energy for the same amount of work.


If webkit-gtk is the only big package, have you considered:

emerge -1v webkit-gtk && emerge -avuND @world?


What you have is not a portage problem. It is an orthodox parallelism 
problem, and I think you are thinking your constraint is unique in the 
work - it isn't.
With parallelism, trying to fiddle single nodes to improve things 
overall never really works out.


A big problem you are missing is that portage does not have control of 
the system. It can control its usage of the system, but if I want emerge 
to use as much SPARE resource IN THE BACKGROUND as it can without 
impacting on on-line responsiveness, that is HARD.


I would like to be able to tell portage "these programs are resource 
hogs, don't parallelise them". If portage has loads of little jobs, it 
can fire them off one after the other as resource becomes available. If 
it fires a hog (or worse, two) off at the same time, the system can 
rapidly collapse under load.


Even better, if portage knew roughly how much resource each job 
required, it could (within constraints) start with the jobs that 
required least resource and run loads of them, and by firing jobs off in 
order of increasing demandingness, the number of jobs running in 
parallel would naturally tail off.


At the end of the day, if the computer takes an extra 20% time, I'm not 
bothered. If I'm sat at the computer 20% time extra because the system 
isn't responding because emerge has bogged it down, then I do care. And 
when I'm building things like webkit-gtk, llvm, LO, FF and TB, they do 
hammer my system. If they're running in parallel, my system would be 
near unusable.


Cheers,
Wol



Re: [gentoo-user] Re: How to move ext4 partition

2023-09-20 Thread Victor Ivanov
On Wed, 20 Sept 2023 at 22:29, Grant Edwards  wrote:
>
> That depends on how long it takes me to decide on tar vs. rsync and
> what the appropriate options are.

I've done this a number of times for various reasons over the last 1-2
years, most recently a few months ago due to hard drive swap, and I
find tar works just fine:

$ tar -cpf /path/to/backup.tar --xattrs --xattrs-include='*.*' -C / .

Likewise to extract, but make sure "--xattrs" is present

Provided backup space isn't an issue, I wouldn't bother with
compression. It could be a lot quicker too depending on the size of
your root partition.

> That said, I think I will go with the backup, repartition, restore
> method.
Sounds like a sound course of action to me, reinstalling is just too
much faff and can often be avoided. I have a long standing distrust of
partition management utilities that claim to move filesystem data too.
I'm sure they work just fine :)

Just make sure you update /etc/fstab and bootloader config file with
the new filesystem UUID or partition indices.

Regards,
V



Re: [gentoo-user] Re: Password questions, looking for opinions. cryptsetup question too.

2023-09-20 Thread Frank Steinmetzger
On Wed, Sep 20, 2023 at 04:51:36PM -0400, Rich Freeman wrote:

> > > Anyway, when I do that and use the new passwords successfully, I make a
> > > backup copy and on my rig, I can encrypt it with a right click.  I then
> > > shred the original.
> >
> > Just on a sidenote, once you’re on an SSD, shredding has no use and is
> > actually detrimental.
> >
> 
> I'm not sure I'd go quite that far, but it certainly isn't as effective.
> 
> No way to be certain how well it works, but it is certainly worth
> doing an ATA Secure Erase command on the drive.  A good SSD should
> implement that in a way that ensures all the data is actually
> unretrievable (probably by implementing full disk encryption and
> erasing the key).  Of course, there is no way to tell if the drive was
> implemented well.

Uhm, Dale was talking of a single file, not an entire disk. ;-)

-- 
Grüße | Greetings | Salut | Qapla’
Please do not share anything from, with or about me on any social network.

do something for your image -- let yourself be seen with me.




[gentoo-user] Some mailing list emails not making it to me.

2023-09-20 Thread Dale
Howdy,

Anyone else noticing they are missing some emails on this list?  I
missed one the other day, Michael I think it was, and I just missed
another one, yet to arrive, from Neil on the ext4 move thread by Grant.
I see Grant's reply to Neil but the message from Neil is not here yet. 
It may arrive later.  The other one did. 

Any one else seeing this?  Is it just me? 

Dale

:-)  :-) 



Re: [gentoo-user] How to move ext4 partition

2023-09-20 Thread Wol

On 20/09/2023 22:16, Neil Bothwick wrote:
> On Wed, 20 Sep 2023 20:24:17 - (UTC), Grant Edwards wrote:
>
>> However, GParted apparently does. Can GParted move an ext4 filesystem
>> to a destination location that overlaps its starting location?
>>
>> For example, I have a 500GB partition containing an ext4 filesystem
>> starting at sector 2048 (1MiB). I want to move that filesystem so that
>> it starts at sector 3*2048 (3MiB).
>>
>> Can that be done in-place?
>>
>> Or should I just back up the filesystem to a second drive and start
>> from scratch?
>
> Given that you'd want to backup before such an operation anyway, you may
> as well then restore from that backup. I'm sure it will be a lot quicker
> than GParted's moving all the data around.

Or, assuming the people who wrote gparted have two brain cells to rub 
together, I'm pretty sure they use the same technique as memmove.


"If the regions overlap, make sure you start from whichever end won't 
overwrite the source, otherwise start at whichever end you like".


Barring screw-ups (a very unsafe assumption :-), I'm pretty certain you 
don't even need a backup!


I suspect the man-page even confirms this behaviour.

Cheers,
Wol
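
The memmove rule quoted in the message above, simulated on a list of sectors as an added example (not part of the original post and not GParted's code). The start sectors 2048 and 3*2048 come from the thread; the 10000-sector length, the 512-sector chunk size and the function names are constructed for the illustration.

```python
SRC = 2048          # current first sector (from the thread)
DST = 3 * 2048      # wanted first sector (from the thread)
COUNT = 10_000      # constructed partition length in sectors
CHUNK = 512         # constructed copy-buffer size in sectors


def make_disk():
    """Disk as a list; payload sector i of the partition holds the value i."""
    disk = [None] * (DST + COUNT)
    for i in range(COUNT):
        disk[SRC + i] = i
    return disk


def _copy_chunk(disk, src, dst, off, count, chunk):
    n = min(chunk, count - off)
    # The right-hand slice is read into a temporary list before the write,
    # like reading a buffer from the device and then writing it back.
    disk[dst + off:dst + off + n] = disk[src + off:src + off + n]


def move_forward(disk, src, dst, count, chunk):
    """Naive move: always start at the first sector."""
    for off in range(0, count, chunk):
        _copy_chunk(disk, src, dst, off, count, chunk)


def move_overlap_safe(disk, src, dst, count, chunk):
    """memmove-style move: choose the direction that never overwrites
    source sectors that have not been read yet."""
    offsets = list(range(0, count, chunk))
    if src < dst < src + count:
        # Destination overlaps the tail of the source: copy the last chunk
        # first so every write lands above all still-unread source sectors.
        offsets.reverse()
    for off in offsets:
        _copy_chunk(disk, src, dst, off, count, chunk)


def corrupted_sectors(disk, dst, count):
    """Number of payload sectors that do not hold their original value."""
    return sum(1 for i in range(count) if disk[dst + i] != i)


def demo():
    naive = make_disk()
    move_forward(naive, SRC, DST, COUNT, CHUNK)
    safe = make_disk()
    move_overlap_safe(safe, SRC, DST, COUNT, CHUNK)
    return corrupted_sectors(naive, DST, COUNT), corrupted_sectors(safe, DST, COUNT)


if __name__ == "__main__":
    bad, good = demo()
    print(f"forward copy: {bad} corrupted sectors; overlap-safe copy: {good}")
```

The simulation covers only the copy order. During an overlapping move the old and new locations share sectors, so a move interrupted partway leaves neither copy complete.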



[gentoo-user] Re: How to move ext4 partition

2023-09-20 Thread Grant Edwards
On 2023-09-20, Neil Bothwick  wrote:
> On Wed, 20 Sep 2023 20:24:17 - (UTC), Grant Edwards wrote:
>
>> For example, I have a 500GB partition containing an ext4 filesystem
>> starting at sector 2048 (1MiB). I want to move that filesystem so that
>> it starts at sector 3*2048 (3MiB).
>> 
>> Can that be done in-place?
>> 
>> Or should I just back up the filesystem to a second drive and start
>> from scratch?
>
> Given that you'd want to backup before such an operation anyway,

It's a machine with very limited uses, so I'd probably only back up
/etc and /root. Reinstalling probably wouldn't take too much longer
than backing up and restoring /.

> you may as well then restore from that backup. I'm sure it will be a
> lot quicker than GParted's moving all the data around.

That depends on how long it takes me to decide on tar vs. rsync and
what the appropriate options are. After 40 years using Unix, you'd
think I'd know that (or have it written down somewhere). :)

That said, I think I will go with the backup, repartition, restore
method. It's been many, many years since I used GParted, and I can
probably have the whole job done from the command-line before I can
figure out how the GParted GUI works.





Re: [gentoo-user] How to move ext4 partition

2023-09-20 Thread Neil Bothwick
On Wed, 20 Sep 2023 20:24:17 - (UTC), Grant Edwards wrote:

> However, GParted apparently does. Can GParted move an ext4 filesystem
> to a destination location that overlaps its starting location?
> 
> For example, I have a 500GB partition containing an ext4 filesystem
> starting at sector 2048 (1MiB). I want to move that filesystem so that
> it starts at sector 3*2048 (3MiB).
> 
> Can that be done in-place?
> 
> Or should I just back up the filesystem to a second drive and start
> from scratch?

Given that you'd want to backup before such an operation anyway, you may
as well then restore from that backup. I'm sure it will be a lot quicker
than GParted's moving all the data around.


-- 
Neil Bothwick

He who laughs last thinks slowest!




Re: [gentoo-user] Re: Password questions, looking for opinions. cryptsetup question too.

2023-09-20 Thread Rich Freeman
On Wed, Sep 20, 2023 at 4:22 PM Frank Steinmetzger  wrote:
>
> On Tue, Sep 19, 2023 at 11:49:24PM -0500, Dale wrote:
>
> > Anyway, when I do that and use the new passwords successfully, I make a
> > backup copy and on my rig, I can encrypt it with a right click.  I then
> > shred the original.
>
> Just on a sidenote, once you’re on an SSD, shredding has no use and is
> actually detrimental.
>

I'm not sure I'd go quite that far, but it certainly isn't as effective.

No way to be certain how well it works, but it is certainly worth
doing an ATA Secure Erase command on the drive.  A good SSD should
implement that in a way that ensures all the data is actually
unretrievable (probably by implementing full disk encryption and
erasing the key).  Of course, there is no way to tell if the drive was
implemented well.

Full-disk encryption at the OS level is of course the best way to
protect against recovery of data on a discarded disk.

-- 
Rich



[gentoo-user] How to move ext4 partition

2023-09-20 Thread Grant Edwards
I've got a Gentoo install using a GPT partition table and Legacy boot
using Grub2. There is a single /root partition and a single swap
partition on the drive.

I did not create a bios-boot partition at the start of the disk, so I
had to force grub2 to install using block-lists.  I'd like to fix that
now. This requires that I move the ext4 root partition towards the end
of the drive to create 2MB of free space at the start of the drive for
a new bios-boot partition.

I see that GNU parted no longer has a move command.

However, GParted apparently does. Can GParted move an ext4 filesystem
to a destination location that overlaps its starting location?

For example, I have a 500GB partition containing an ext4 filesystem
starting at sector 2048 (1MiB). I want to move that filesystem so that
it starts at sector 3*2048 (3MiB).

Can that be done in-place?

Or should I just back up the filesystem to a second drive and start
from scratch?




Re: [gentoo-user] Re: Password questions, looking for opinions. cryptsetup question too.

2023-09-20 Thread Frank Steinmetzger
On Tue, Sep 19, 2023 at 11:49:24PM -0500, Dale wrote:

> Anyway, when I do that and use the new passwords successfully, I make a
> backup copy and on my rig, I can encrypt it with a right click.  I then
> shred the original.

Just on a sidenote, once you’re on an SSD, shredding has no use and is 
actually detrimental.

-- 
Grüße | Greetings | Salut | Qapla’
Please do not share anything from, with or about me on any social network.

On Mondays I feel like Robinson -- I’m waiting for Friday.




Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-20 Thread Frank Steinmetzger
On Wed, Sep 20, 2023 at 01:28:09PM +0100, Michael wrote:

> > I have a question tho.  Can a person use a password/pass phrase that is
> > like this:  'This is a stupid pass phrase.'   Does it accept that even
> > with spaces? I know file names can have spaces for a long while now but
> > way back, you couldn't do that easily.  One had to use dashes or
> > underscores.

Sure, why not? It’s a string like any other. No spaces in filenames were a 
restriction of (now outdated) file systems. And I guess developers didn’t 
account for them back in those days (and later out of habit). When I used 
DOS, of course I adhered to the 8.3 rule. But ever since I started using 
Windows, XP at the latest (2001), I wholly started using spaces everywhere 
and never looked back. The programs that had problems with spaces were few 
and script authors should just adhere to best practices and put filename 
variables in quotes, so they can work with spaces. The only nuisance they 
pose for me is it may make tab completion cumbersome sometimes.

PS.: I find underscores ugly. :D

> Generally speaking space characters are a poor choice for randomness.  I 
> recall seeing some documentary about the Enigma machine used by the German 
> military during the 2nd WW.  To minimise attempts to brute force the 
> ciphertext, they started by identifying which letter(s) were most frequently 
> used in the German language - e.g. the letter "e", then the second most 
> frequent letter and so on.  This statistical analysis approach in combination 
> with likely message content reduced the number of guesses.

Here you speak of the payload, not the passphrase, which is the encryption 
key. The key was rotated after each character and the initial key setting (the 
tumbler position) was distributed in secret code books.

> In principle, a repeated space character in your passphrase could help 
> reduce the computational burden of an offline brute force attack, by e.g. 
> helping an attacker to identify the number of individual words in a 
> passphrase.

Due to the rotation, the Enigma encoded each subsequent letter differently, 
even if the same one repeated, which was (one of) the big strengths of the 
Enigma cipher. The flaws were elsewhere, for example that a character could 
never be encrypted onto itself due to the internal wiring and certain 
message parts were always the same, like message headers and greetings.

For LUKS, having spaces in your passphrase (or their frequency) has no 
influence on the ciphertext, since the passphrase itself is not used for 
encryption. The passphrase only unlocks the actual key, which is then used 
for encryption. It comes down to whether the passphrase can easily be 
guessed by dictionary attacks. So if you write normal sentences with 
correctly written words, they might be easy to crack. I don’t expect it 
makes a big difference to the brute force software whether you use spaces or 
not.

-- 
Grüße | Greetings | Salut | Qapla’
Please do not share anything from, with or about me on any social network.

Suicide is the most honest form of self-criticism.
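
The separation described in the message above (the passphrase only unlocks the key that encrypts the data), as an added example that is not part of the original post and not cryptsetup code. It is a simplified key-slot model: PBKDF2 and a master-key digest as in a LUKS1 header, with XOR wrapping and an HMAC keystream standing in for the real anti-forensic split and disk cipher; the function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000   # illustrative PBKDF2 cost for the example, not a cryptsetup default
KEY_LEN = 32


def _stretch(secret: bytes, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256. Input is an arbitrary byte string, spaces included."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, KEY_LEN)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _make_slot(master_key: bytes, passphrase: str) -> dict:
    salt = os.urandom(16)
    slot_key = _stretch(passphrase.encode("utf-8"), salt)
    # Toy wrap: XOR with the slot key (stand-in for AF-split plus cipher).
    return {"salt": salt, "wrapped": _xor(master_key, slot_key)}


def format_volume(passphrase: str):
    """Create a header with one key slot; the master key is random."""
    master_key = os.urandom(KEY_LEN)
    digest_salt = os.urandom(16)
    header = {
        "digest_salt": digest_salt,
        "mk_digest": _stretch(master_key, digest_salt),  # verifies a candidate key
        "slots": [_make_slot(master_key, passphrase)],
    }
    return header, master_key


def _find_slot(header: dict, passphrase: str):
    for index, slot in enumerate(header["slots"]):
        slot_key = _stretch(passphrase.encode("utf-8"), slot["salt"])
        candidate = _xor(slot["wrapped"], slot_key)
        digest = _stretch(candidate, header["digest_salt"])
        if hmac.compare_digest(digest, header["mk_digest"]):
            return index, candidate
    return None, None


def unlock(header: dict, passphrase: str):
    """Return the master key, or None if no slot accepts the passphrase."""
    return _find_slot(header, passphrase)[1]


def change_passphrase(header: dict, old: str, new: str) -> bool:
    """Re-wrap the same master key under a new passphrase."""
    index, master_key = _find_slot(header, old)
    if master_key is None:
        return False
    header["slots"][index] = _make_slot(master_key, new)
    return True


def encrypt_sector(master_key: bytes, sector_no: int, plaintext: bytes) -> bytes:
    """Toy sector cipher keyed only by the master key (stand-in for AES-XTS)."""
    stream, counter = b"", 0
    while len(stream) < len(plaintext):
        block = sector_no.to_bytes(8, "little") + counter.to_bytes(4, "little")
        stream += hmac.new(master_key, block, hashlib.sha256).digest()
        counter += 1
    return _xor(plaintext, stream)


def demo() -> dict:
    phrase = "This is a stupid pass phrase."       # the phrase from the thread
    new_phrase = "a different, longer sentence with spaces"  # constructed
    data = b"constructed sample sector contents"
    header, _ = format_volume(phrase)
    key_before = unlock(header, phrase)
    sector_before = encrypt_sector(key_before, 2048, data)
    wrong = unlock(header, "This is a stupid passphrase.")   # one space missing
    change_passphrase(header, phrase, new_phrase)
    key_after = unlock(header, new_phrase)
    return {
        "unlocked_with_spaces": key_before is not None,
        "wrong_passphrase_rejected": wrong is None,
        "old_rejected_after_change": unlock(header, phrase) is None,
        "master_key_unchanged": key_before == key_after,
        "ciphertext_unchanged": encrypt_sector(key_after, 2048, data) == sector_before,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```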




Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-20 Thread Jude DaShiell
Another possibility is to write down encrypted passwords and don't
disclose encryption technique.  The rot13 is worthless.


-- Jude  "There are four boxes to be used in
defense of liberty: soap, ballot, jury, and ammo. Please use in that
order." Ed Howdershelt 1940.

On Wed, 20 Sep 2023, Hoël Bézier wrote:

> On Tue, Sep 19, 2023 at 12:36:13AM -0500, Dale wrote:
> >In the real world tho, how do people reading this make passwords that no
> >one could ever guess?  I use Bitwarden to handle website passwords and
> >it does a good job.  I make up my own tho when encrypting drives.  I'm
> >not sure I can really use Bitwarden for that given it is a command line
> >thing, well, in a script in my case.  I doubt anyone would ever guess
> >any of my passwords but how do people reading this do theirs?  Just how
> >far do you really go to make it secure?  Obviously you shouldn't give up
> >much detail but just some general ideas.  Maybe even a example or two of
> >a fake password, just something that you would come up with and how. 
>
> For storing passwords, I use app-admin/pass.
>
> For choosing passphrases, I write sentences. I know having space character at
> a predictable frequency in the passphrase makes it easier to find out, but
> using phrases makes it easier to come up with very long passphrases (which, I
> believe, balances the space thing, though I’m no crypto expert), which are
> also easy to remember.
>
> Hoël
>
>



Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-20 Thread Jack

On 9/20/23 12:18, Hoël Bézier wrote:
> On Tue, Sep 19, 2023 at 12:36:13AM -0500, Dale wrote:
>> In the real world tho, how do people reading this make passwords that no
>> one could ever guess?  I use Bitwarden to handle website passwords and
>> it does a good job.  I make up my own tho when encrypting drives.  I'm
>> not sure I can really use Bitwarden for that given it is a command line
>> thing, well, in a script in my case.  I doubt anyone would ever guess
>> any of my passwords but how do people reading this do theirs? Just how
>> far do you really go to make it secure?  Obviously you shouldn't give up
>> much detail but just some general ideas.  Maybe even a example or two of
>> a fake password, just something that you would come up with and how.
>
> For storing passwords, I use app-admin/pass.
>
> For choosing passphrases, I write sentences. I know having space
> character at a predictable frequency in the passphrase makes it easier
> to find out, but using phrases makes it easier to come up with very
> long passphrases (which, I believe, balances the space thing, though
> I’m no crypto expert), which are also easy to remember.

I don't think anyone has yet mentioned using the first (or last or 
second) letter of each word in the first (or last) sentence of a 
favorite book or poem or song, possibly modifying with some upper case 
and sprinkling in digits and special characters.




Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-20 Thread Hoël Bézier

On Tue, Sep 19, 2023 at 12:36:13AM -0500, Dale wrote:
> In the real world tho, how do people reading this make passwords that no
> one could ever guess?  I use Bitwarden to handle website passwords and
> it does a good job.  I make up my own tho when encrypting drives.  I'm
> not sure I can really use Bitwarden for that given it is a command line
> thing, well, in a script in my case.  I doubt anyone would ever guess
> any of my passwords but how do people reading this do theirs?  Just how
> far do you really go to make it secure?  Obviously you shouldn't give up
> much detail but just some general ideas.  Maybe even a example or two of
> a fake password, just something that you would come up with and how.

For storing passwords, I use app-admin/pass.

For choosing passphrases, I write sentences. I know having space character at a 
predictable frequency in the passphrase makes it easier to find out, but using 
phrases makes it easier to come up with very long passphrases (which, I 
believe, balances the space thing, though I’m no crypto expert), which are also 
easy to remember.


Hoël




Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-20 Thread Michael
On Wednesday, 20 September 2023 05:19:18 BST Dale wrote:
> Michael wrote:
> > On Tuesday, 19 September 2023 06:36:13 BST Dale wrote:
> >> Heck, a link to some good info on that would be good.  :-)
> > 
> > https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/FAQ.md
> > 
> > https://gitlab.com/cryptsetup/cryptsetup/wikis/LUKS-standard/on-disk-forma
> > t.pdf
> > 
> > https://wiki.archlinux.org/title/Data-at-rest_encryption
> 
> Oops.  Should have sent this in other message. 
> 
> Interesting links.  Some of the info I'm clueless.  I don't know some of
> the terms and what they mean.  Some of it I get tho.  Basically, despite
> people wanting to encrypt to protect data, some powerful entities can
> still crack it no matter how good the password or phrase is.  It seems
> encryption done 'on the fly' I think is the phrase they use is just very
> hard to do without some serious CPU power or other tools.  Am I getting it?

Security can be compromised because people use easy to guess passwords, or by 
using side-channel attack methods.  As Snowden mentioned, if you rely on a low 
entropy device, e.g. a mobile phone, on which the base frequency can also be 
compromised, then that could be the weakest link for an attack.  Not to 
mention keyloggers and various MITM attacks, which on phones at least are 
rumoured to be the way to compromise a device.  Cracking algos and ciphers is 
computationally more expensive, performed offline and probably the last 
resort.  That said, if you assume state actors are at least 10 years ahead of 
you in terms of technological solutions and resources, you'd be at the right 
ballpark.


> I have a question tho.  Can a person use a password/pass phrase that is
> like this:  'This is a stupid pass phrase.'   Does it accept that even
> with spaces?  I know file names can have spaces for a long while now but
> way back, you couldn't do that easily.  One had to use dashes or
> underscores.  Uses spaces could open a few options. 

Generally speaking space characters are a poor choice for randomness.  I 
recall seeing some documentary about the Enigma machine used by the German 
military during the 2nd WW.  To minimise attempts to brute force the 
ciphertext, they started by identifying which letter(s) were most frequently 
used in the German language - e.g. the letter "e", then the second most 
frequent letter and so on.  This statistical analysis approach in combination 
with likely message content reduced the number of guesses.  In principle, a 
repeated space character in your passphrase could help reduce the 
computational burden of an offline brute force attack, by e.g. helping an 
attacker to identify the number of individual words in a passphrase.  All 
these passphrases and whatever other private info you pasted into different 
websites could also be harvested and used to determine some statistical 
pattern in your selected passphrases.  However, different ciphers and stronger 
keys guard against easy cracking by brute force.





Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-20 Thread hitachi303

On 20.09.23 at 04:41, Dale wrote:
> It is interesting what people can come up with.  Thing is, if one uses a
> true random generated password, they are hard to crack but also hard to
> remember.  I try to come up with something that will be hard to crack
> but easy for me to remember.


If someone has a child one can always frame the first language test and 
put it at the wall in the office together with some family photos. Those 
spelling errors might not be random but for all practical use they are 
not predictable. One can always look it up. Just remember the line of 
the password. This is hidden in plain sight.