Security Basics mailing list archives

RE: Password creating Theories


From: "Jon Gucinski" <gucinski () gmail com>
Date: Tue, 15 Nov 2005 22:53:50 +0200

While that would give you one secure password, it would ONLY provide one per
system.  That goes against the (IMO) required practice of regularly changing
passwords.  

-Jon

-----Original Message-----
From: Saqib Ali [mailto:docbook.xml () gmail com] 
Sent: Tuesday, November 15, 2005 8:37 PM
To: Jennifer Fountain
Cc: security-basics () securityfocus com
Subject: Re: Password creating Theories

Random but pronounceable passwords:
http://www.xml-dev.com/blog/?action=viewtopic&id=122
always work for root/admin password, i.e. if they are complicated enough.

If these are top secret systems devise a scheme of hashing some
specific info about the server.
e.g. password = sha1(servername + function + dnsname etc)
Don't tell the scheme to your administrators, just give them the hash
value. This way you don't have to write down the passwords for all the
systems. In case you forget the password you can re-create the password
using the scheme.

On 11/11/05, Jennifer Fountain <jfountain () rbinc com> wrote:
I am currently coming up with a new policy to create root/admin
passwords for windows and linux boxes and would like to know your
thoughts on the methods you use to create them.  Thanks for any input!
--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.
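
Added example, not part of the original thread: a Python sketch that puts the hash-of-server-facts scheme from the quoted message next to a keyed variant with a rotation counter, which is one way to meet the reply's objection that the scheme yields only one password per system. It goes beyond what the thread describes; the function names, the master secret, the rotation counter, the length-prefixed encoding and the use of HMAC-SHA256 are assumptions of this example.

```python
import base64
import hashlib
import hmac
import secrets


def scheme_from_post(servername: str, function: str, dnsname: str) -> str:
    """Scheme as written in the quoted message: unkeyed SHA-1 of server facts."""
    return hashlib.sha1((servername + function + dnsname).encode()).hexdigest()


def derive_password(master_secret: bytes, servername: str, function: str,
                    dnsname: str, rotation: int, length: int = 20) -> str:
    """Keyed variant with a rotation counter (assumption of this example)."""
    if len(master_secret) < 32:
        raise ValueError("master secret must be at least 32 random bytes")
    # Length-prefix every field so shifting characters between fields
    # ("web1"+"db" vs "web"+"1db") cannot yield the same input.
    fields = (servername, function, dnsname, str(rotation))
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)
    digest = hmac.new(master_secret, msg, hashlib.sha256).digest()
    # Base32 gives a typeable alphabet; 20 chars carry 100 bits of the MAC.
    return base64.b32encode(digest).decode().lower()[:length]


def demo() -> dict:
    # Constructed sample values, not real hosts or secrets.
    key = secrets.token_bytes(32)
    host = ("web1", "db", "web1.example.internal")
    shifted = ("web", "1db", "web1.example.internal")
    return {
        # Anyone who learns the scheme and these public facts gets the password,
        # and plain concatenation maps two different servers to one value.
        "unkeyed_collides": scheme_from_post(*host) == scheme_from_post(*shifted),
        "keyed_collides": derive_password(key, *host, 1) == derive_password(key, *shifted, 1),
        # Bumping the counter rotates the password without storing it anywhere.
        "rotation_changes": derive_password(key, *host, 1) != derive_password(key, *host, 2),
        "reproducible": derive_password(key, *host, 2) == derive_password(key, *host, 2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In the keyed variant the master secret is the only item that has to be kept safe; the server facts and the current rotation number can be recorded openly.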

