Security Basics mailing list archives
RE: Password Auto-Repository
From: "Reece, Terry" <terry.reece () nmci-isf com>
Date: Thu, 10 Feb 2005 13:08:34 -0500
While this technology, with some refinement, could be very beneficial and make many processes in an environment easier, I don't know that I'd want it on my network. Regardless of what kind of security this thing may or may not have, the old saying "Don't put all your eggs in one basket" seems to make sense here. I have seen the use of Password Safe (http://www.schneier.com/passsafe.html) in a similar capacity, and it worked very well. It's not an enterprise product by any means, but for someone who has a lot of passwords to remember, it's very worthwhile. Passwords are stored with Blowfish encryption, and it only takes a single password to unlock. It still doesn't cover the management of passwords, but it may provide a solution in the interim until you find something else. Terry -----Original Message----- From: Mike Chapple [mailto:Chapple.1 () nd edu] Sent: Wednesday, February 09, 2005 14:05 To: security-basics () securityfocus com Subject: Re: Password Auto-Repository I reviewed PAR 1.1 in the April 2004 issue of Information Security Magazine: http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss366_art702,00.html Best regards, Mike xyberpix wrote:
Hey All, Need some thoughts on this device: http://www.e-dmzsecurity.com/par.html#f Damagement is considering buying a couple of these, as at present things such as root passwords are stored in a safe, and well, when access is needed to root passwords at say 3 in the morning, one of the security staff have to physically come into the office to read the password out to someone. As you can imagine this is not an optimal way to do things, so they found this device. Now personally i don't like the idea of having one device sitting on the network that has all our critical passwords on it. Especially something running Windows 2003. What are you views on this, and any recomendations would be greatly appreciated. xyberpix
Current thread:
- RE: Password Auto-Repository Reece, Terry (Feb 10)