blackmesaind | 1 year ago

The fact that you are using the internet means that you have implicit trust in much less trustworthy entities than a known security researcher.

That being said, there's no need to use 3rd party password generators, if you can make your own.

Maskawanian|1 year ago

Ok sure, but you're moving the goalposts. The OP was talking specifically with respect to using a non-client-side password generator. As a joke it is funny, but only a fool would use a password generator that can't be audited and that may be logged.

TedDoesntTalk|1 year ago

> only a fool would use a password generator that can't be audited and that may be logged.

Really?

1. It’s from a known-reliable source

2. Even if the password is stored, logged, broadcast around the world for billions to see, so what?

A. Source has no way to know if the user used the password anywhere or saved it

B. Source doesn’t know who the user is

C. Source doesn’t know in which website or resource the password was used.

So… I stand by my paranoia claim. I wouldn’t go so far as to call you foolish like you did me, but I’d say such a world view will not be a net gain for you over your lifetime. You’ll have difficulty delegating work. You’ll have major trust issues. Maybe you already do. But as they say, “you do you.”

usr1106|1 year ago

No need to make your own generator.

But being able to inspect (theoretically even audit) the source, building (if necessary) and running it locally in some container/sandbox without network connection would be minimum requirements for me.