Password Management

From: Badhrinath S (sbadhrinath_at_gmail.com)
Date: 11/18/05

    Date: Fri, 18 Nov 2005 11:31:22 +0530
    To: security-basics@securityfocus.com, secprog@securityfocus.com
    
    

    Hi all,

    An application has been using the PAM of Unix till now for password authentication.
    This is a client-server model where the server uses a database for its operations.
    Now it has to manage the passwords by itself with the following constraints.

    --> Check if the password is not the same as the previous 5 passwords set
    --> Check if the password differs from the old password by at least 3 characters.

    So, can you please give me suggestions to manage this effectively?
    --> Do I encrypt and save the previous 5 and the current passwords in
    database or how can the passwords be stored better?
    --> Can symmetric keys be used or will asymmetric key usage be better?
    --> How to decide upon the key values?

    Guess, hashing will not be useful since we need to check for at least 3
    character change in passwords. Please comment.

    --
    Thanks
    Badhri
    
