Security Basics mailing list archives

Re: secure password communication

From: Andre Pawlowski <sqall () h4des org>
Date: Tue, 23 Dec 2008 11:05:48 +0100

sfmailsbm () gmail com wrote:

Dear List, we need to communicate first-time application passwords
to remote users; wanted to know what are the practices implemented
out there to ensure that password is communicated in a secure,
fast, cost-effective way

encrypted mails is not feasible for the time being, printing PIN
Mailers and sending by post will be too lengthy

any ideas will be appreciated

many thanks, Ron



Hi Ron,

I think in your situation is the best and simplest way to make a text
file with username and password, make a selfdecrypt file (for example
with 7zip, afaik it used AES256) and send it via email to the user
outside. When he gets the file and calls you, you can give him the
password via phone. Of course this way is not the safest one, but I
think in your situation even the best.

Regards

-- 

Andre Pawlowski

-------------------------------------------------------------------

Any fool can write code that a computer can understand.
Good programmers write code that humans can understand.
    -Martin Fowler

Current thread:

secure password communication sfmailsbm (Dec 22)
- Re: secure password communication adeel hussain (Dec 22)
- Re: secure password communication Ansgar Wiechers (Dec 22)
- Re: secure password communication Stephen Thornber (Dec 22)
- Re: secure password communication James Lawrie (Dec 22)
- Re: secure password communication Mitchell Rowton (Dec 22)
  - Re: secure password communication Shreyas Zare (Dec 23)
- Re: secure password communication Andre Pawlowski (Dec 23)
- <Possible follow-ups>
- Re: secure password communication dan . crowley (Dec 22)
- Re: secure password communication John Jordan (Dec 23)
- Re: secure password communication dan . crowley (Dec 23)