Security Basics mailing list archives

Re: Password creating Theories


From: Saqib Ali <docbook.xml () gmail com>
Date: Tue, 15 Nov 2005 10:36:44 -0800

Random but pronounceable passwords:
http://www.xml-dev.com/blog/?action=viewtopic&id=122
always work for root/admin passwords, i.e. if they are complicated enough.

If these are top secret systems, devise a scheme of hashing some
specific info about the server.
e.g. password = sha1(servername + function + dnsname etc)
Don't tell the scheme to your administrators, just give them the hash
value. This way you don't have to write down the password for all the
systems. In case you forget the password, you can re-create the password
using the scheme.

On 11/11/05, Jennifer Fountain <jfountain () rbinc com> wrote:
> I am currently coming up with a new policy to create root/admin
> passwords for Windows and Linux boxes and would like to know your
> thoughts on the methods you use to create them.  Thanks for any input!
--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.
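
The hashing scheme described in the message above, as an added example that is not part of the original post: `scheme_from_post` follows the `sha1(servername + function + dnsname)` line as written, and `keyed_variant` is an assumed hardening (HMAC-SHA256 under a random master secret with length-prefixed fields) that the post does not mention. Function names and the sample host values are constructed for illustration.

```python
import base64
import hashlib
import hmac


def scheme_from_post(servername: str, function: str, dnsname: str) -> str:
    """Scheme as written in the message: unkeyed SHA-1 over server facts."""
    material = servername + function + dnsname
    return hashlib.sha1(material.encode("utf-8")).hexdigest()


def _encode_fields(*fields: str) -> bytes:
    """Length-prefix each field so field boundaries cannot shift."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out


def keyed_variant(master_secret: bytes, servername: str, function: str,
                  dnsname: str, length: int = 24) -> str:
    """Assumed hardening (not from the post): HMAC-SHA256 under a random key."""
    if len(master_secret) < 16:
        raise ValueError("master secret must be at least 16 random bytes")
    tag = hmac.new(master_secret, _encode_fields(servername, function, dnsname),
                   hashlib.sha256).digest()
    # Base32 keeps the result typeable; truncate to the requested length.
    return base64.b32encode(tag).decode("ascii").lower()[:length]


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    host = ("db01", "oracle", "db01.example.com")
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed demo key
    print("post scheme :", scheme_from_post(*host))
    print("keyed       :", keyed_variant(key, *host))
```

With the unkeyed form, the password is only as secret as the scheme, since every input is a known fact about the host; the keyed form stays deterministic and re-creatable but depends on one stored master secret instead.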

