Security Basics mailing list archives

Re: Password Storage


From: guhus () hotmail com
Date: 2 Aug 2006 02:48:14 -0000

Hi Doug, nice try with this.
It's a really common problem for all the security people involved, and a big dilemma too. It's some kind of "Who was first, the chicken or the egg?" =)
Well, in my company we resolved this with two procedures:

The first one is some kind of locker where all the passwords reside. Only one person is responsible for that documentation/locker combination.
This has a disadvantage if the person in charge dies.
In that case, what do we do?
Do we call the locksmith? I don't think so.
But it's useful in some cases.

The second one, and more suitable as the person responsible for security, is using encrypted pendrives (look at truecrypt dot org).
Of course, if I die, we can't call anyone (RSA 1024 keys have not been broken, if I'm sure).
Also, this depends on a password (and it could be in the locker too =)
Anyway, there are a lot of useful tools to perform this task.
I used TrueCrypt because it's flexible, robust, open source, fast and for mobile users, indeed.

And there always exists a degree of trust with your partners.

Hope this helps.
salu2..
GUs-XP
