Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Why? Because some high powered adversary is spying and decrypting all your internet traffic to find a passphrase you may or may not use in its entirety?


DDG should be fine to be trusted but you don't know what kind of code produced it.

You need to worry about where the produced password is stored, how random it is and you can't prove any of it.

Generally, you can't just decrypt your traffic... there are other attack vectors.


Our instant answers are open source. You can see the Perl used for the passphrase Goodie here: https://github.com/duckduckgo/zeroclickinfo-goodies/blob/mas...

We’re not storing these generated phrases anywhere.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: