[ale] password management
Transam
bob at verysecurelinux.com
Wed Jul 23 12:54:37 EDT 2003
On Wed, Jul 23, 2003 at 11:04:37AM -0400, Robert L. Harris wrote:
> I keep 2 copies of my password list. The first is in my home directory
> at home as well as work. It is gpg encrypted with a 2048bit key. If I
> need an individual password I don't have memorized:
> gpg -d passwords.txt.gpg | grep host
If your personal account or root gets compromised on either of these
systems, all of your passwords will get compromised when you decrypt
or supply your passphrase for another operation. This also relies on
the security of your passphrase.
> Puts it to my screen and not on disk. I also keep a copy of this file
> on a USB memory stick on my keychain. It's very easy to keep these in
> sync with rsync.
If your "grep" process gets paged to disk, all of your passwords could
reside on disk for a long time in the swap partition.
> The second copy I keep on my PalmPilot. If you go to:
> http://www.linkesoft.com/secret/
> You can get "Secret!" for PalmOS which is 128Bit encryption, autologout,
> etc. This is great if you also get "SecretDesktop" which can read a
> PDA's sync'd files from Intellisync. Basically I can keep up small
> changes easily or I do this when a major password change happens:
> Sync my Pilot
> gpg -d passwords.txt.gpg
> copy the output of the gpg to a certain samba shared folder (I do this
> at home only)
> Open the file on the share in notepad
> Open SecretDesktop
> Paste the info into SecretDesktop
> Delete the file on the share
> Resync my Pilot
> Works very well for me.
> Thus spake Christopher Bergeron (christopher at bergeron.com):
> > Does anyone have any good tips on how to manage passwords? I did a
> > quick tally today of how many passwords we need to keep track of and I
> > stopped at the 100 mark. We use passwords for different boxes, vendor
> > services (T1 management websites, etc)., client files (pgp), client
> > websites, phone systems, jetdirect boxes, all-in-one copiers, email
> > clients, routers, vpns, etc... I'd like to implement LDAP here, but I
> > can't convince management to let me spend time on it (just to make my
> > life easier).
> >
> > Sooo....
> >
> > What I was wondering is if anyone has any tips on how they keep track of
> > many UID/signon/passwords. I've seen keychains, etc, but I'm sure I
> > want to key about 100 passwords into a little keychain. I currently
> > have them all written down on 1 page of a notebook (that I guard with my
> > life). I know it's probably not best practice, but it's impossible to
> > keep all that stuff in [my] memory. Does anyone have a good algorithm
> > for creating passwords that might make my life easier? If comporomised
> > it would probably mean a world of hurt, but I need to come up with some
> > kind of solution...
> >
> > What do you guys use (aside from LDAP or Radius)? Any suggestions?
> >
> > Thanks,
> > -CB
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris | GPG Key ID: E344DA3B
> @ x-hkp://pgp.mit.edu
> DISCLAIMER:
> These are MY OPINIONS ALONE. I speak for no-one else.
> Diagnosis: witzelsucht
> IPv6 = robert at ipv6.rdlg.net http://ipv6.rdlg.net
> IPv4 = robert at mail.rdlg.net http://www.rdlg.net
Bob Toxen
bob at verysecurelinux.com [Please use for email to me]
http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list