Security Basics mailing list archives
RE: securing password list
From: "Fahr, Sam@HHSDC-SFIS" <Sam.Fahr () sid hhsdc ca gov>
Date: Wed, 24 Mar 2004 09:35:38 -0800
A really excellent point, Jeremy. In a previous job I had to assist in data recovery from a "fireproof" cabinet. The cabinet may have been flame-proof, but was definitely not fireproof. In fact, (bear in mind this was in the 80's) the backup data was stored on 10 & 1/2" tape. When we laid the leader of the first tape out on a table it had a 6 degree arc. The tape spindle itself was severely distorted. On some sections of tape the iron oxide separated from the Mylar backing. All in all, a terrific mess. The fire started in the building floor below the room where the cabinet was located. BTW: we were able to recover 98% of the data and performed the work for no charge to our customer. Thanks! Samuel S. Fahr Statewide Fingerprint Imaging System 916 229-3310 (office) 916 798-3089 (cellular) -----Original Message----- From: Jeremy McBane [mailto:Jeremy () devcocomputers com] Sent: Tuesday, March 23, 2004 10:15 AM To: security-basics () securityfocus com Subject: RE: securing password list In reference to a fireproof box, what kind of media is not vulnerable to melting within from the intense heat? -- Jeremy McBane Devco Computers Jeremy () devcocomputers com 337.993.3212 -- -----Original Message----- From: Josh Mills [mailto:JMills () cnbwaco com] Sent: Friday, March 19, 2004 7:17 PM To: Dan Denton; beevoo8 () hotmail com; security-basics () securityfocus com Subject: RE: securing password list I have a similar setup, I have an off network linux box behind two secured doors and i make a weekly backup that is stored in an offsite fireproof box along with all of my other backup tapes. -----Original Message----- From: Dan Denton [mailto:ddenton () PAYLESSOFFICE com] Sent: Friday, March 19, 2004 12:02 PM To: beevoo8 () hotmail com; security-basics () securityfocus com Subject: RE: securing password list I keep out password lists in an off-network linux box in a secured room, for which only I know the password. Of course if anyone else gains access to the room they could snag the whole CPU, but it's unlikely here. I also keep a weekly backup on floppy in a locked firesafe. -----Original Message----- From: beevoo8 () hotmail com [mailto:beevoo8 () hotmail com] Sent: Thursday, March 18, 2004 11:52 AM To: security-basics () securityfocus com Subject: securing password list In my job I have a number of username/passwords to various websites and machines that I must keep track of. I was soliciting ideas on how to store these passwords securely. Encrypting them with a passphrase seems counterproductive since the file may not be accessed for a while and the passphrase might be forgotten. Would biometrics be a safer idea? What security methods do you use to secure a list such as this? Any suggestions would be appreciated. ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.639 / Virus Database: 408 - Release Date: 3/22/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.639 / Virus Database: 408 - Release Date: 3/22/2004 --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Re: securing password list, (continued)
- Re: securing password list Joerg Over Dexia (Mar 22)
- Re: securing password list Steven Joerger (Mar 22)
- Re: securing password list E.Kellinis (Mar 22)
- RE: securing password list Dan Denton (Mar 19)
- Re: securing password list Michael Gale (Mar 22)
- Re: securing password list E.Kellinis (Mar 22)
- RE: securing password list Josh Mills (Mar 22)
- RE: securing password list Andrew Shore (Mar 22)
- RE: securing password list Jeremy McBane (Mar 24)
- RE: securing password list David Gillett (Mar 25)
- RE: securing password list Fahr, Sam@HHSDC-SFIS (Mar 25)