[TriLUG] Password Security
Alan Porter
porter at trilug.org
Mon Jul 23 13:53:23 EDT 2007
I don't have the problem of sharing passwords, but I use "PasswordSafe"
to store all of my passwords (and I am very happy with it).
The program was originally written by Bruce Schneier, renowned security
guru, author of the big red book "Applied Cryptography" and designer of
the of the "Blowfish" and "TwoFish" encryption algorithms. He knows
what he's talking about, and he has a healthy dose of common sense.
Development has since been turned over the open source community.
The program lets you double-click a password entry to copy the password
to the clipboard without showing it on the screen, so logging in is as
simple as "ssh user at machine", then copy from passwordsafe, then paste
into shell window.
There are versions for Linux (MyPasswordSafe) and Windows.
I store the encrypted data files on my pen drive, which I back up
periodically.
Off the top of my head... if I were to store shared passwords, I would
keep a (read-only) copy of the data file on a shared drive and use a
common master password to access it. To avoid collisions, I would
manage changes through a single "file owner" who could write to the data
file.
Alan
.
More information about the TriLUG
mailing list