Security Basics mailing list archives
Re: Password storage tool?
From: "Simon Gray" <simong () desktop-guardian com>
Date: Thu, 21 Aug 2003 15:40:55 +0100
Hi, Encrypting and storing on the network is all fine and well, but in order to encrypt you have to use a key of some type. The problem isn't encrypting the files - that's easy. The problem is securely storing the keys to decrypt the files. A better way would be to securely store the files on a system (maybe intranet?), that requires 2 factor authentication (smart cards, tokens etc..) to access that system - that preferably isn't accessible from the internet. You may also wish to look at ssl for if you do have access to the files on your intranet so they aren't transmitted over the intranet in cleartext. Hope this helps - if I can be of any more help let me know. Regards, Simon Gray, Desktop Guardian Ltd ----- Original Message ----- From: <john () tpna com> To: <security-basics () securityfocus com> Sent: Wednesday, August 20, 2003 7:53 PM Subject: Password storage tool? Hi All: Looking for a utility that we can use enterprise-wide to self-service passwords. Things like service accounts, Domain Registrar accounts, etc... Right now we do the manual information to an envelope that gets stored in a safe. I realize that storing this info on the network is usually a Bad Thing(tm), but if we can securely encrypt it, it makes it a lot easier for people to get the info in the time of need (without the gatekeeper having to drive into the office at 4am). Looking for real-world stories, ideas, what didn't work, etc... -john "MMS <takedapharm.com>" made the following annotations. ---------------------------------------------------------------------------- -- This message is for the designated recipient only and may contain privileged or confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. ============================================================================ == --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Password storage tool? john (Aug 20)
- Re: Password storage tool? Simon Gray (Aug 21)
- Re: Password storage tool? senrong (Aug 21)
- <Possible follow-ups>
- RE: Password storage tool? McGill, Lachlan (Aug 21)
- SoBig and some info Kevin Saenz (Aug 21)
- Re: SoBig and some info Sebastian Schneider (Aug 22)
- SoBig and some info Kevin Saenz (Aug 21)
- RE: Password storage tool? Meidinger Chris (Aug 21)
- RE: Password storage tool? Tim Donahue (Aug 21)
- RE: Password storage tool? Chris Merkel (Aug 21)
- RE: Password storage tool? Jennifer Fountain (Aug 21)
- RE: Password storage tool? Chris Berry (Aug 22)