Security Basics mailing list archives

RE: securing password list

From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 24 Mar 2004 09:26:37 -0800

  "Fireproof" boxes are rated in terms of how long materials
inside will survive a typical building fire outside.  I think
two hours for a sheet of paper is a pretty typical performance 
range -- less is probably a poor value, and more can cost
mucho more.

David Gillett

-----Original Message-----
From: Jeremy McBane [mailto:Jeremy () devcocomputers com]
Sent: Tuesday, March 23, 2004 10:15 AM
To: security-basics () securityfocus com
Subject: RE: securing password list


In reference to a fireproof box, what kind of media is not 
vulnerable to melting within from the intense heat?
--
Jeremy McBane
Devco Computers
Jeremy () devcocomputers com
337.993.3212
--

-----Original Message-----
From: Josh Mills [mailto:JMills () cnbwaco com] 
Sent: Friday, March 19, 2004 7:17 PM
To: Dan Denton; beevoo8 () hotmail com; security-basics () securityfocus com
Subject: RE: securing password list


I have a similar setup, I have an off network linux box 
behind two secured doors and i make a weekly backup that is 
stored in an offsite fireproof box along with all of my other 
backup tapes.

-----Original Message-----
From: Dan Denton [mailto:ddenton () PAYLESSOFFICE com]
Sent: Friday, March 19, 2004 12:02 PM
To: beevoo8 () hotmail com; security-basics () securityfocus com
Subject: RE: securing password list


I keep out password lists in an off-network linux box in a 
secured room, for which only I know the password. Of course 
if anyone else gains access to the room they could snag the 
whole CPU, but it's unlikely here. I also keep a weekly 
backup on floppy in a locked firesafe.

-----Original Message-----
From: beevoo8 () hotmail com [mailto:beevoo8 () hotmail com] 
Sent: Thursday, March 18, 2004 11:52 AM
To: security-basics () securityfocus com
Subject: securing password list




In my job I have a number of username/passwords to various 
websites and machines that I must keep track of.  I was 
soliciting ideas on how to store these passwords securely.  

Encrypting them with a passphrase seems counterproductive 
since the file may not be accessed for a while and the 
passphrase might be forgotten. Would biometrics be a safer 
idea? What security methods do you use to secure a list such as this? 



Any suggestions would be appreciated.

--------------------------------------------------------------
----------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and 
get $545 off 
any course! All of our class sizes are guaranteed to be 10 
students or less 
to facilitate one-on-one interaction with one of our expert 
instructors.

Attend a course taught by an expert instructor with years of 
in-the-field 
pen testing experience in our state of the art hacking lab. 
Master the skills 
of an Ethical Hacker to better assess the security of your 
organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------
----------
----


--------------------------------------------------------------
-------------
Ethical Hacking at the InfoSec Institute. Mention this ad and 
get $545 off 
any course! All of our class sizes are guaranteed to be 10 
students or less 
to facilitate one-on-one interaction with one of our expert 
instructors. 
Attend a course taught by an expert instructor with years of 
in-the-field 
pen testing experience in our state of the art hacking lab. 
Master the skills 
of an Ethical Hacker to better assess the security of your 
organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------
--------------


--------------------------------------------------------------
-------------
Ethical Hacking at the InfoSec Institute. Mention this ad and 
get $545 off 
any course! All of our class sizes are guaranteed to be 10 
students or less 
to facilitate one-on-one interaction with one of our expert 
instructors. 
Attend a course taught by an expert instructor with years of 
in-the-field 
pen testing experience in our state of the art hacking lab. 
Master the skills 
of an Ethical Hacker to better assess the security of your 
organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------
--------------


---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.639 / Virus Database: 408 - Release Date: 3/22/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.639 / Virus Database: 408 - Release Date: 3/22/2004
 

--------------------------------------------------------------
-------------
Ethical Hacking at the InfoSec Institute. Mention this ad and 
get $545 off 
any course! All of our class sizes are guaranteed to be 10 
students or less 
to facilitate one-on-one interaction with one of our expert 
instructors. 
Attend a course taught by an expert instructor with years of 
in-the-field 
pen testing experience in our state of the art hacking lab. 
Master the skills 
of an Ethical Hacker to better assess the security of your 
organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------
--------------

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

securing password list beevoo8 (Mar 19)
- Re: securing password list Joerg Over Dexia (Mar 22)
- Re: securing password list Steven Joerger (Mar 22)
- Re: securing password list E.Kellinis (Mar 22)
- <Possible follow-ups>
- RE: securing password list Dan Denton (Mar 19)
  - Re: securing password list Michael Gale (Mar 22)
- Re: securing password list E.Kellinis (Mar 22)
- RE: securing password list Josh Mills (Mar 22)
- RE: securing password list Andrew Shore (Mar 22)
- RE: securing password list Jeremy McBane (Mar 24)
  - RE: securing password list David Gillett (Mar 25)
- RE: securing password list Fahr, Sam@HHSDC-SFIS (Mar 25)