RE: Password Auto-Repository

["Reece, Terry" <terry.reece () nmci-isf com>]

While this technology, with some refinement, could be very beneficial and make many processes in an environment easier, 
I don't know that I'd want it on my network. Regardless of what kind of security this thing may or may not have, the 
old saying "Don't put all your eggs in one basket" seems to make sense here. I have seen the use of Password Safe 
(http://www.schneier.com/passsafe.html) in a similar capacity, and it worked very well. It's not an enterprise product 
by any means, but for someone who has a lot of passwords to remember, it's very worthwhile. Passwords are stored with 
Blowfish encryption, and it only takes a single password to unlock. It still doesn't cover the management of passwords, 
but it may provide a solution in the interim until you find something else. 

Terry

-----Original Message-----
From: Mike Chapple [mailto:Chapple.1 () nd edu]
Sent: Wednesday, February 09, 2005 14:05
To: security-basics () securityfocus com
Subject: Re: Password Auto-Repository


I reviewed PAR 1.1 in the April 2004 issue of Information Security Magazine:

http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss366_art702,00.html

Best regards,
Mike

xyberpix wrote:

> Hey All,
>
> Need some thoughts on this device:
>
> http://www.e-dmzsecurity.com/par.html#f
>
> Damagement is considering buying a couple of these, as at present things
> such as root passwords are stored in a safe, and well, when access is
> needed to root passwords at say 3 in the morning, one of the security
> staff have to physically come into the office to read the password out to
> someone. As you can imagine this is not an optimal way to do things, so
> they found this device. Now personally i don't like the idea of having one
> device sitting on the network that has all our critical passwords on it.
> Especially something running Windows 2003. What are you views on this, and
> any recomendations would be greatly appreciated.
>
> xyberpix
>
>
>