Re: Password creating Theories

From: Saqib Ali (docbook.xml_at_gmail.com)
Date: 11/15/05

  • Next message: Joe Barrett: "Re: Cisco Books"
    Date: Tue, 15 Nov 2005 10:36:44 -0800
    To: Jennifer Fountain <jfountain@rbinc.com>
    
    

    Random but pronounceable passwords:
    http://www.xml-dev.com/blog/?action=viewtopic&id=122
    always work for root/admin password, i.e. if they are complicated enough.

    If these are top secret systems devise a scheme of hashing some
    specific info about the server.
    e.g. password = sha1(servername + function + dnsname etc)
    Don't tell the scheme to your administrators, just give them the hash
    value. This way you don't have to write down password for all the
    systems. In case u forget the password u can re-create the password
    using the scheme.

    On 11/11/05, Jennifer Fountain <jfountain@rbinc.com> wrote:
    > I am currently coming up with a new policy to create root/admin
    > passwords for windows and linux boxes and would like to know your
    > thoughts on the methods you use to create them. Thanks for any input!

    --
    In Peace,
    Saqib Ali
    http://www.xml-dev.com/blog/
    Consensus is good, but informed dictatorship is better.
    

  • Next message: Joe Barrett: "Re: Cisco Books"

    Relevant Pages

    • Re: A revision of my text stego scheme
      ... It may be my subjectivity, but I still find it difficult to understand ... With the hashing scheme and a shared secret appended to the text before ... addition to automatically screen emails for certain keywords, ...
      (sci.crypt)
    • Re: A revision of my text stego scheme
      ... With the hashing scheme and a shared secret appended to the text before ... for free and that it will make the stego harder to detect. ... addition to automatically screen emails for certain keywords, ...
      (sci.crypt)
    • RE: Password creating Theories
      ... That goes against the required practice of regularly changing ... always work for root/admin password, i.e. if they are complicated enough. ... Don't tell the scheme to your administrators, ...
      (Security-Basics)