Final Word on the Password Problem

Fairlight fairlite at fairlite.com
Mon Jul 12 18:58:08 PDT 2004


With neither thought nor caution, Jay Ashworth blurted:
> 
> I agree with Bob, JP, and Mark, though I'll note that these days, it's
> reasonably secure to write down all your passwords into an encrypting
> password safe on your {PDA,cellphone,PC}, as long as that password safe
> is itself of a reasonable level of security (good enough encryption,
> scrubs RAM and swap, etc).

The -only- place I will do it is in a file on a hardened internal system,
PGP-encrypted with a -memorised- passphrase (yes, phrase).  And I -still-
don't like to do it.  I only do it for passwords that aren't of my
generation -until- I memorise them, then I decrypt, wipe the line from that
file, and reencrypt.  I do that memorisation as soon as possible.

> Memorize the passphrase (yes, you'd better be able to use a
> pass*phrase*) that you key that to...

Amen.  *chuckle*  I lost $75 for an SSL Cert reassignment fee because
Thawte took over six weeks when they lost our paperwork, and I used a
PEM passphrase that I was expecting to need -once- more, inside three days.
I've since changed my methodology for assigning passphrases and -cannot-
forget even my longest PEM passphrases.

I'd rather eat a fee like that than risk a system though.

> Tell your wife, or office assistant.

Already taken care of.  I'm covered.

> http://ftp.arl.mil/~mike/

I'll have to look at that in a little bit.  Haven't read it yet.

mark->
-- 
Bring the web-enabling power of OneGate to -your- filePro applications today!

Try the live filePro-based, OneGate-enabled demo at the following URL:
               http://www2.onnik.com/~fairlite/flfssindex.html


More information about the Filepro-list mailing list