Security Basics mailing list archives
Re: Password Storage
From: info () codingo net
Date: 2 Aug 2006 11:29:53 -0000
I don't really think there is much that you can do... If users absolutely had to store passwords on a central server or a document then you should use a system like the OS/X key chain whereby one password (with a good lot of entropy) can access the list of passwords. The other thing you could do is work out a simple encryption system that people could use for storing passwords in documents... Perhaps ceaser shift the second or first half of the word? The problem with this is that it will only stop the most basic of attackers and most people wouldn't be bothered to do it at all... If I was in your position then I would use systems where people can set their own passwords... Make sure that the passwords are secure but are still something that the staffmember can remember... Michael Skelton --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: Password Storage, (continued)
- Re: Password Storage Devdas Bhagat (Aug 02)
- Re: Password Storage Rob klein Gunnewiek (Aug 02)
- Re: Password Storage Robert Larsen (Aug 02)
- Re: Password Storage Ayaz Ahmed Khan (Aug 03)
- RE: Password Storage Nicholas Fanelli (Aug 02)
- Re: Password Storage Greg Merideth (Aug 03)
- Re: Password Storage Saqib Ali (Aug 04)
- Re: Password Storage Glenn English (Aug 03)
- Re: Password Storage Kenton Smith (Aug 03)
- Re: Password Storage guhus (Aug 02)
- Re: Password Storage info (Aug 02)
- Re: Password Storage c . brace (Aug 02)
- Re: Password Storage Needs More Longcat (Aug 03)
- RE: Password Storage Del Thompson (Aug 02)
- RE: Password Storage Dunigan, Michael (Aug 03)
- RE: Password Storage Krpata, Tyler (Aug 03)
- Re: RE: Password Storage krymson (Aug 03)
- Re: Re: Password Storage mail (Aug 03)
- Re: Password Storage Doug W (Aug 04)
- What to look in IIS Logs on daily basis Bhattacharya, Ananda (Aug 04)
- RE: Re: Password Storage BARRETT,WILL (Aug 04)
(Thread continues...)