Home page logo
/

basics logo Security Basics mailing list archives

Re: securing password list
From: "E.Kellinis" <me () cipher org uk>
Date: Sat, 20 Mar 2004 15:04:08 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi , 

I would suggest : http://sourceforge.net/projects/passwordsafe/ 

Although you can do the following :
Create a master password following a secure password methodology 
http://www.unm.edu/cirt/accts/psswrdmethodology.html

Use these password as your master password and for every new site or
service you need 
new password use the master password as plaintext and the service or
sitename as password (or vice versa)
the created cipher text is the new password for the new service . 

Example : 

Master password : password
New site : ebay

Passsword Creation : 
ebay + password   = TBSQAPRB

The new password for ebay is TBSQAPRB  
You dont have to remember this password cause you can generate it at
any point using your 
master password. 

In this example I used vigenere cipher (very simple encryption) 
you can use any algorithm you find suitable for you.



Manos

=========================================================
*PK:http://www.cipher.org.uk/files/pgp/cipherorguk.public.key.txt
=========================================================

- ----- Original Message ----- 
In my job I have a number of username/passwords to various websites
and machines that I must keep track of.  I was soliciting ideas on
how to store these passwords securely.   Encrypting them with a
passphrase seems counterproductive since the file may not be
accessed for a while and the passphrase might be forgotten.  Would
biometrics be a safer idea? What security methods do you use to
secure a list such as this?   

Any suggestions would be appreciated.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBQFxdZU5R4JfncDA4EQKvJgCg0i78msWatS81WNT2LAXkjnb7s1UAnj4v
GvjhM6Jcaeb3Ct4Y/mdWcKKk
=veAD
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault