Security Basics mailing list archives
RE: Password creating Theories
From: "Jon Gucinski" <gucinski () gmail com>
Date: Tue, 15 Nov 2005 22:53:50 +0200
While that would give you one secure password, it would ONLY provide one per system. That goes against the (IMO) required practice of regularly changing passwords. -Jon -----Original Message----- From: Saqib Ali [mailto:docbook.xml () gmail com] Sent: Tuesday, November 15, 2005 8:37 PM To: Jennifer Fountain Cc: security-basics () securityfocus com Subject: Re: Password creating Theories Random but pronounceable passwords: http://www.xml-dev.com/blog/?action=viewtopic&id=122 always work for root/admin password, i.e. if they are complicated enough. If these are top secret systems devise a scheme of hashing some specific info about the server. e.g. password = sha1(servername + function + dnsname etc) Don't tell the scheme to your administrators, just give them the hash value. This way you don't have to write down password for all the systems. In case u forget the password u can re-create the password using the scheme. On 11/11/05, Jennifer Fountain <jfountain () rbinc com> wrote:
I am currently coming up with a new policy to create root/admin passwords for windows and linux boxes and would like to know your thoughts on the methods you use to create them. Thanks for any input!
-- In Peace, Saqib Ali http://www.xml-dev.com/blog/ Consensus is good, but informed dictatorship is better.
Current thread:
- Password creating Theories Jennifer Fountain (Nov 15)
- Re: Password creating Theories Glenn English (Nov 15)
- Re: Password creating Theories ework0 (Nov 16)
- Re: Password creating Theories Glenn English (Nov 16)
- Re: Password creating Theories Chris Umphress (Nov 16)
- Re: Password creating Theories ework0 (Nov 16)
- Re: Password creating Theories Saqib Ali (Nov 15)
- RE: Password creating Theories Jon Gucinski (Nov 16)
- RE: Password creating Theories Adrian Floarea (Nov 16)
- Re: Password creating Theories Jacob Bresciani (Nov 15)
- Re: Password creating Theories Gaddis, Jeremy L. (Nov 16)
- Re: Password creating Theories Ansgar -59cobalt- Wiechers (Nov 16)
- Re: Password creating Theories Justin (Nov 16)
- <Possible follow-ups>
- Re: Password creating Theories Steve.Cummings (Nov 15)
- RE: Password creating Theories dave kleiman (Nov 16)
- RE: Password creating Theories Andrew Williams (Nov 15)
- Re: Password creating Theories Saqib Ali (Nov 16)
- FW: Password creating Theories Christopher Carpenter (Nov 16)
(Thread continues...)
- Re: Password creating Theories Glenn English (Nov 15)