Security Basics mailing list archives
Re: securing password list
From: "E.Kellinis" <me () cipher org uk>
Date: Sat, 20 Mar 2004 15:04:08 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi , I would suggest : http://sourceforge.net/projects/passwordsafe/ Although you can do the following : Create a master password following a secure password methodology http://www.unm.edu/cirt/accts/psswrdmethodology.html Use these password as your master password and for every new site or service you need new password use the master password as plaintext and the service or sitename as password (or vice versa) the created cipher text is the new password for the new service . Example : Master password : password New site : ebay Passsword Creation : ebay + password = TBSQAPRB The new password for ebay is TBSQAPRB You dont have to remember this password cause you can generate it at any point using your master password. In this example I used vigenere cipher (very simple encryption) you can use any algorithm you find suitable for you. Manos ========================================================= *PK:http://www.cipher.org.uk/files/pgp/cipherorguk.public.key.txt ========================================================= - ----- Original Message -----
In my job I have a number of username/passwords to various websites and machines that I must keep track of. I was soliciting ideas on how to store these passwords securely. Encrypting them with a passphrase seems counterproductive since the file may not be accessed for a while and the passphrase might be forgotten. Would biometrics be a safer idea? What security methods do you use to secure a list such as this? Any suggestions would be appreciated.
-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBQFxdZU5R4JfncDA4EQKvJgCg0i78msWatS81WNT2LAXkjnb7s1UAnj4v GvjhM6Jcaeb3Ct4Y/mdWcKKk =veAD -----END PGP SIGNATURE----- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- securing password list beevoo8 (Mar 19)
- Re: securing password list Joerg Over Dexia (Mar 22)
- Re: securing password list Steven Joerger (Mar 22)
- Re: securing password list E.Kellinis (Mar 22)
- <Possible follow-ups>
- RE: securing password list Dan Denton (Mar 19)
- Re: securing password list Michael Gale (Mar 22)
- Re: securing password list E.Kellinis (Mar 22)
- RE: securing password list Josh Mills (Mar 22)
- RE: securing password list Andrew Shore (Mar 22)
- RE: securing password list Jeremy McBane (Mar 24)
- RE: securing password list David Gillett (Mar 25)
- RE: securing password list Fahr, Sam@HHSDC-SFIS (Mar 25)