Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password Storage

From: Robert Larsen <robert () komogvind dk>
Date: Wed, 02 Aug 2006 11:45:24 +0200
Doug W wrote:
What do people generally do in the case of password storage? For example, I strongly believe that storing passwords in documents is a terrible idea as I am sure you would agree.
I have a USB stick with all my passwords in an encrypted text file. I then use this bash function (or type the commands myself) for reading or changing the list: 

VimPasswords(){
  TEMPFILE1=/tmp/blar8937p
  TEMPFILE2=/tmp/blar8937q
  if [ ! -f /media/usb/Docs/passwords.txt.gpg ]; then
      echo "No password file. USB stick not mounted ?"
      return
  fi

  gpg -o $TEMPFILE1 /media/usb/Docs/passwords.txt.gpg
  if [ "$?" != "0" ]; then
      return
  fi
  cp $TEMPFILE1 $TEMPFILE2

  vim $TEMPFILE1
  diff $TEMPFILE1 $TEMPFILE2 >/dev/null 2>&1
  if [ "$?" != "0" ]; then
      #The file has changed. Reencrypt it.
      CODE=1
      while [ "$CODE" != "0" ]; do
          gpg -o /media/usb/Docs/passwords.txt.gpg --symmetric $TEMPFILE1
          CODE=$?
      done
  fi
  wipe $TEMPFILE1 $TEMPFILE2
}

This could probably be coded better but it works for me.
gpg exists for both Unix and Windows.

Robert

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: