Calm down, jeez. You said you have a system for generating passwords. Scheme is just a word for a system of doing stuff in a security setting.
I’m literally just asking what your system is and you’re acting like it’s the most aggressive thing ever.

Do you expect everyone to agree with you immediately? Disagreement isn’t aggression, it’s the starting point for the debate you keep mentioning.

There’s a principle in security, https://en.wikipedia.org/wiki/Kerckhoffs’s_principle, roughly summarized as “the enemy knows the system”. It’s the notion that you should be able to fully describe everything about your system except the secret key and still be secure.

My concept is a bit like this (don’t wanna give it all away):

That’s always a concerning thing to encounter at the beginning of a description. That implies that there’s an awareness that if you knew how the system worked it would be weaker, which in a security setting is considered a very notable defect.

If we’re looking at the actual security of the system you describe through that lens, the name of the company doesn’t add to your security. Neither does your word substitution rules. The secret in your system is the passphrase and the number you’re using to modify the letters from the company name.

Now, using a passphrase is good, but it kinda felt like you were implying that you use the same passphrase for all services and then modify it. That’s not a good idea, since it reduces your effective security to a single number.
Additionally, a passphrase should be random words, not a known phrase. If the phrase is grammatical it reduces the security pretty fast since it’s weirdly easy to guess word sequences.

Adding a character to the end of a password during rotation is also a bad idea. Anyone breaking a password database will automatically try with a series of characters tacked onto the end specifically to catch that, so a password of yours that got leaked years ago can be used to figure out your current password just by checking it with different endings.

A better system would be to write a truly random password down on a sheet of paper along with 31 others. Now fold up the piece of paper and put it in your wallet.
You are already adept at keeping paper in your wallet secure, and anyone not in physical proximity to you has to fall back to the usual tricks to get at your stuff.
Better yet would be to use a password manager, ideally one you can export to something you carey, encrypted, with you while you go.

Uh huh. When was I rude? You started by calling me ignorant, and I just asked you some questions about your system. You seem extremely defensive, since it seems to take only the smallest disagreement for you to dismiss someone as ignorant, lacking common sense, and unable to hold a discussion. Take a breath, and try actually explaining your system so there can actually be a discussion of what is or isn’t wrong with it.

I’m not looking for a fight, but I am extremely skeptical of your scheme because it’s one that people bring up often, and it’s never done in a secure way. Maybe yours is, but there’s no way to know if you don’t actually say what it is.

How often does any of that happen to you?

For the second one, that seems unlikely, and you can just type the password you read off your phone.

The printer scenario seems both unlikely, and has nothing to do with password managers.

If you’re memorizing your passwords, you need to factor in the likelihood you forget, and for the actual security of the password. It sounds like you’re memorizing weak passwords, which is the heart of the problem, not a downside to password managers.

What’s your system? I love hearing about people’s great systems for generating passwords. How much entropy does your system produce per password?

You’re extremely confident for someone disagreeing with literally every security professional I’ve talked to, and considering I work in the industry, that’s a lot of people.

Because your brain is terrible at remembering random data. Your simple system is extremely unlikely to produce passwords of any particular quality.

Also, I have 170 passwords saved. I don’t know how many of those live in the category of “once every six months”, which is too infrequent to remember easily.

Okay. You’re still doing tech support either way. I have no way of knowing how much free tech support you’re willing to give, hence my caveat of how much you’re willing to support them.

Netflix would disagree. People feel like they’re supposed to be getting access to a service, and if they’re not getting it they’ll complain to the nearest party to what isn’t working. In this case that’s you or Netflix being asked questions about why the router isn’t working.
That it’s wrong or irrational has nothing to do with who’s getting asked the question, and who’s the first line of troubleshooting when the service doesn’t work.

If people didn’t ask the wrong people questions, Netflix wouldn’t need support articles on how to reset your router.

Honestly, you’re supporting a chunk of her network by being a media provider in the first place. “It won’t play” doesn’t usually come with an assurance that it’s not a device or network issue.

Neither plex nor jellyfin seem remotely worth the effort to provide to others in my opinion, I just felt like sharing that there are ways to afford network protection to locked down devices.

I’ve got no real care for jellyfin one way or another, just sharing that there’s ways to make the network obey.

I think giving people access to my media server is asking for too much trouble personally. Now you’re dealing with forgotten passwords, people using your bandwidth at weird hours, and you basically become the media fairy, responsible for finding whatever it is people want, and then dealing with their issues when their device can’t codec at it for whatever janky reason.

I’m good at setting boundaries with family so it’s not stressful, just more annoying than I want to deal with.

Depending on their router and how much IT labor you care to do for these people you can actually configure a site to site VPN tunnel. All traffic for a particular address range will get routed through the VPN automatically.

It used to be a high end feature but it’s made it’s way into general routers since it doesn’t really require many resources and it lets you label it as having more home office features.

Yup. Violating IP licenses is a great reason to prevent it. According to current law, if they get Alice license for the book they should be able to use it how they want.
I’m not permitted to pirate a book just because I only intend to read it and then give it back. AI shouldn’t be able to either if people can’t.

Beyond that, we need to accept that might need to come up with new rules for new technology. There’s a lot of people, notably artists, who object to art they put on their website being used for training. Under current law if you make it publicly available, people can download it and use it on their computer as long as they don’t distribute it. That current law allows something we don’t want doesn’t mean we need to find a way to interpret current law as not allowing it, it just means we need new laws that say “fair use for people is not the same as fair use for AI training”.

It wasn’t the crypto key pair part I was referring to, it was the part where fido is geared towards interactive user auth, not non-interactive storage.
It wouldn’t have surprised me if the ssh devs hadn’t put implementing fido support for host keys high in the development list, or that it was tricky to find documentation for. Using something like a tpm is the more typical method.

There’s no technical reason it can’t work, and the op got it to work so clearly the implementation supports it, but that doesn’t mean it’s the most expected setup, which means it might have unexpected gaps in functionality or terrible documentation.

Unfortunately, I think you’re going to run into trouble because fido authenticators are geared towards working as user authenticators rather than as device authenticators.
It certainly should be possible from a technical perspective, but implementation-wise, it’s very likely that the code focuses on making fido devices work with client keys, and using tpms for host keys, since that’s much more focused on headless server functionality.

Oval peg in a round hole.

Full disclosure, I’m not at work for a few months so I am far off my crypto system design game. I’m usually pretty good though. :)

Rather than full SSL I was thinking something along the lines of an hmac. Because we can introduce the two devices to each other physically we don’t need to worry too much about a full challenge response. It should be sufficient to send an hmac signed message with an always increasing counter to prevent replays.

Even if we went with challenge response, I think you could get acceptable battery life using symmetric algorithms instead of public key.

https://shop.ftsafe.us/collections/security-keys-ble/products/feitian-multipass-fido2-fido-u2f-usb-c-nfc-ble-security-key-k32

Bluetooth security fobs already exist that do far more than would be required for a car key, and they get a few months of battery life with typical daily usage.

Im not sure it would be to much to do. We already have Bluetooth beacons that can run for several years on a single small battery, reporting telemetry data every few seconds.
The key fob would only need to be active for a few moments a few times a day, so even if it was doing more work, it would be doing so much less frequently.
Depending on the ciphers chosen, they might be extremely energy efficient, since modern ones were often chosen as a standard with the requirement that they be able to be efficiently implemented in hardware.

Since we have the advantage of being able to be relatively certain that we can bring the car and the fob together, we don’t really need full public key, just the ability to verify the key to the car. Establishing a shared secret between the two and then using simpler symmetric ciphers makes it a lot easier

Yeah, it’s definitely faster, but I’m not sure it’s going to make too much of a difference for a Minecraft server.

With setting it up being a bit annoying by hand, I’d still rank the router option higher even if it’s a worse VPN. Otherwise you risk ending up in that yak shaving situation where you’re fighting with routing tables and DNS when you wanted a Minecraft server.

Oh for sure. What I meant was “check router for a built in VPN and use it if it has one, otherwise use wireguard because it’s the easiest”.

The specific VPN doesn’t really matter so much. The built-in one would be the easiest, so checking for a solution that took a few clicks is worth it. :)

I would use something like wireguard, or another VPN service you can host yourself if your router supports it natively.

From the looks of it Minecraft servers seem to have dogshit authentication, so using some form of private network setup is going to be your best move.

Okay? What does that have to do with the new advertising API the added support for in 128?

Very persuasive argument, definitely shows a strong grasp of the technical matters.