undefined | Better HN

0 pointsh1d7y ago0 comments

When it comes to password, you're better off using some offline tool.

0 comments

4 comments · 2 top-level

orf7y ago· 2 in thread

Why? Because some high powered adversary is spying and decrypting all your internet traffic to find a passphrase you may or may not use in its entirety?

h1dOP7y ago

DDG should be fine to be trusted but you don't know what kind of code produced it.

You need to worry about where the produced password is stored, how random it is and you can't prove any of it.

Generally, you can't just decrypt your traffic... there are other attack vectors.

moollaza7y ago

Our instant answers are open source. You can see the Perl used for the passphrase Goodie here: https://github.com/duckduckgo/zeroclickinfo-goodies/blob/mas...

We’re not storing these generated phrases anywhere.

clubm87y ago

> When it comes to password, you're better off using some offline tool.

It can be useful for low risk scenarios.

(Ex: setting up a new netflix passphrase to share with a new partner)

j / k navigate · click thread line to collapse