On Sun, 2002-05-12 at 07:27, Jonas V. wrote:
> But I will never use that disk.
> I'll write the passwords on a simple piece of paper.
> No remote cracker can find my passwords (if he doesn't use trojans,
> sniffing, spoofing..., but I've got firewall and IDS)
> When I lose the piece of paper, I've got the disk.

A backup disk is a great idea. I always lose my pieces of paper (unless I remember to stick it in my wallet).

Of course - now your piece of paper becomes a single point of failure. If someone finds the lost paper (or reads it while sitting on the desk next to your keyboard), those accounts are probably compromised.

You might want to consider the following idea. One of the groups I worked with publishes a monthly wallet-sized password cheat sheet for privileged accounts (root, admin, etc) they work with. A typical entry would look like:

    kerberos1: x56u@P

The sheets were physically handed to each member of the group along with a verbal secret called "the cookie". The cookie was an identifier within the password that would be used to alter it. In our example the cookie could be the '@' and the modifier could be '17'. So then the real password would be 'x56u@17P'.

The cookie would show up at different locations within each password listed. And the cookie would not be the only duplicate character in each password.

The method is far from completely secure. But it is easy to remember and less likely to be attacked by cryptanalysis (which could unearth methods like simple substitution, ROT, or place-swapping, etc). It also falls (very) roughly in line with a general rule of thumb for secure identification systems:

A secure system should include at least 2 of 3 items:

1) Something you have (ie: a key or smartcard)
2) Something you know (ie: a PIN or password)
3) Something you are (ie: biometrics - fingerprint, cornea scan, etc)

Anyway... that is starting to get away from the original topic.

> "Bitte ein Bit" is an advertisement phrase for a beer with the name "Bitburger".

Indeed it is! I used to live 20 minutes outside of Bitburg. There was not a gasthaus in the area that didn't have the Bitburger logo and Simon on its sign.

-- 
.: Paul Hosking . [EMAIL PROTECTED]
.: InfoSec

.: PGP KeyID: 0x42F93AE9
.: 7B86 4F79 E496 2775 7945 FA81 8D94 196D 42F9 3AE9
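The cookie scheme described in the message above, as an added example that is not part of the original post: it expands a sheet entry into the real password and estimates how much the verbal secret is worth if the sheet alone is lost. The function names, the second sheet entry, the first-occurrence rule and the digits-only, at-most-two-character modifier model are assumptions made for illustration.

```python
import math

def expand(entry: str, cookie: str, modifier: str) -> str:
    """Insert the modifier directly after the cookie character,
    as in the message's example: 'x56u@P' -> 'x56u@17P'."""
    pos = entry.find(cookie)
    if pos == -1:
        raise ValueError("cookie not present in sheet entry")
    # Assumption: when the cookie character occurs more than once,
    # the first occurrence is the one that counts.
    cut = pos + len(cookie)
    return entry[:cut] + modifier + entry[cut:]

def finder_guess_bound(entry: str, alphabet: int, max_len: int) -> int:
    """Upper bound on the passwords consistent with a lost sheet entry
    when the cookie and modifier are unknown: every character position
    may be the cookie, and the modifier is 1..max_len symbols drawn
    from an alphabet of the given size (assumed model)."""
    modifiers = sum(alphabet ** k for k in range(1, max_len + 1))
    return len(entry) * modifiers

def secret_bits(entry: str, alphabet: int, max_len: int) -> float:
    """The same bound expressed in bits of uncertainty."""
    return math.log2(finder_guess_bound(entry, alphabet, max_len))

# Constructed sheet: the first entry is the one from the message,
# the second is made up to show the cookie at a different position.
SHEET = {"kerberos1": "x56u@P", "backup2": "q@9Lm2"}

if __name__ == "__main__":
    for account, entry in SHEET.items():
        real = expand(entry, cookie="@", modifier="17")
        bound = finder_guess_bound(entry, alphabet=10, max_len=2)
        bits = secret_bits(entry, alphabet=10, max_len=2)
        print(f"{account}: {entry} -> {real}  "
              f"(sheet alone leaves <= {bound} candidates, {bits:.1f} bits)")
```

Under these assumptions the verbal secret adds under 10 bits per entry, which puts a number on "far from completely secure": the sheet still has to be treated as sensitive, and account lockout or rate limiting carries the rest.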
