Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password Storage

From: info () codingo net
Date: 2 Aug 2006 11:29:53 -0000
I don't really think there is much that you can do... If users absolutely had to store passwords on a central server or 
a document then you should use a system like the OS/X key chain whereby one password (with a good lot of entropy) can 
access the list of passwords.

The other thing you could do is work out a simple encryption system that people could use for storing passwords in 
documents... Perhaps ceaser shift the second or first half of the word? The problem with this is that it will only stop 
the most basic of attackers and most people wouldn't be bothered to do it at all...

If I was in your position then I would use systems  where people can set their own passwords... Make sure that the 
passwords are secure but are still something that the staffmember can remember...

Michael Skelton

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: