Re: Is the software for key management secure?

From: Kevin Davidson (kevin_at_qsinc.com)
Date: 09/17/04 

Date: Fri, 17 Sep 2004 13:15:54 -0400

Shenan Stanley wrote:
> secure-or-not wrote:
>
>>I use a software "Just1key" to manage keys for some
>>accounts when I login some websites. Is it secure? Could
>>the software bring about more risk of being hacked?
>>If someone knows the only one key for keys management, he
>>would know all my keys saved in that software, right?
>>Additionally, if my computer is hacked, could all the
>>keys be stolen? Hope you can answer all my questions.
>
>
> I personally think it is a bad idea to store your password/account
> information in any fashion - especially on your computer - and even more so
> if you have to ask about it like you just have. heh

It may be a bad idea, but the alternative is to use easy to remember
passwords, and probably use the same password (or a small number of
passwords) over and over again for every account.

I'm managing 139 accounts/passwords at work, plus another set at home. I
really have to have automation. I wrote my own program that uses AES
encryption to manage the acounts/passwords, and I'm not worried about
that getting hacked. If I had to use something available commercially,
I'd look for AES (Rijndael) or Blowfish encryption, and pick a very
random key.

Kevin

>
> Searching the Internet for the application you mention - it seems a bit "new
> and untested" to give a real opinion. Not sure if this is because of the
> general "don't store you passwords that way" rule, or if the application is
> just that new.
>

Relevant Pages

  • Re: password expiration policy for admin and system accounts ?
    ... policy that Admins manually reset these important account passwords every ... You can still have the passwords set to never expire, ... > Privileged accounts should be the most, not the least, well guarded. ...
    (microsoft.public.security)
  • Re: password expiration policy for admin and system accounts ?
    ... policy that Admins manually reset these important account passwords every ... You can still have the passwords set to never expire, ... > Privileged accounts should be the most, not the least, well guarded. ...
    (microsoft.public.win2000.security)
  • Re: ssh gives "Permission denied, please try again"
    ... as secure as those Debian generated keys... ... If you always pick passwords whose first four letters are 'A' you're ... The point being that keys are not some panacia and those that think they ... lots of people attack passwords, nobody attacks keys. ...
    (uk.comp.os.linux)
  • RE: Security Logging - Passwords & Accounts
    ... Security Logging - Passwords & Accounts ... Does anybody know of any way to log changes to user & group accounts and ...
    (RedHat)
  • Antivirus programs for XP - best ones?
    ... DON'T create user accounts during setup as they will become ... Turn of transmission of passwords and user credentials in clear ... Keep your system and ALL installed applications uptodate (Microsoft ...
    (alt.computer.security)
Quantcast