Security Basics mailing list archives

RE: securing password list


From: "Fahr, Sam@HHSDC-SFIS" <Sam.Fahr () sid hhsdc ca gov>
Date: Wed, 24 Mar 2004 09:35:38 -0800

A really excellent point, Jeremy.  In a previous job I had to assist in data
recovery from a "fireproof" cabinet.  The cabinet may have been flame-proof,
but was definitely not fireproof.  In fact, (bear in mind this was in the
80's) the backup data was stored on 10 & 1/2" tape.  When we laid the leader
of the first tape out on a table it had a 6 degree arc.  The tape spindle
itself was severely distorted.  On some sections of tape the iron oxide
separated from the Mylar backing.  All in all, a terrific mess.  The fire
started in the building floor below the room where the cabinet was located.
BTW: we were able to recover 98% of the data and performed the work for no
charge to our customer.   


Thanks!
Samuel S. Fahr
Statewide Fingerprint Imaging System
916 229-3310 (office)
916 798-3089 (cellular)


-----Original Message-----
From: Jeremy McBane [mailto:Jeremy () devcocomputers com]
Sent: Tuesday, March 23, 2004 10:15 AM
To: security-basics () securityfocus com
Subject: RE: securing password list


In reference to a fireproof box, what kind of media is not vulnerable to
melting within from the intense heat?
--
Jeremy McBane
Devco Computers
Jeremy () devcocomputers com
337.993.3212
--

-----Original Message-----
From: Josh Mills [mailto:JMills () cnbwaco com] 
Sent: Friday, March 19, 2004 7:17 PM
To: Dan Denton; beevoo8 () hotmail com; security-basics () securityfocus com
Subject: RE: securing password list


I have a similar setup: I have an off-network Linux box behind two secured
doors, and I make a weekly backup that is stored in an offsite fireproof box
along with all of my other backup tapes.

-----Original Message-----
From: Dan Denton [mailto:ddenton () PAYLESSOFFICE com]
Sent: Friday, March 19, 2004 12:02 PM
To: beevoo8 () hotmail com; security-basics () securityfocus com
Subject: RE: securing password list


I keep our password lists in an off-network Linux box in a secured room, for
which only I know the password. Of course if anyone else gains access to the
room they could snag the whole CPU, but it's unlikely here. I also keep a
weekly backup on floppy in a locked firesafe.

-----Original Message-----
From: beevoo8 () hotmail com [mailto:beevoo8 () hotmail com] 
Sent: Thursday, March 18, 2004 11:52 AM
To: security-basics () securityfocus com
Subject: securing password list




In my job I have a number of username/passwords to various websites and
machines that I must keep track of.  I was soliciting ideas on how to store
these passwords securely.  

Encrypting them with a passphrase seems counterproductive since the file may
not be accessed for a while and the passphrase might be forgotten. Would
biometrics be a safer idea? What security methods do you use to secure a
list such as this? 



Any suggestions would be appreciated.

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.

Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

