[sf-perl] OT: Secure password storage

Blake Haggerty Blake.Haggerty at Sapphire.com
Thu Jan 15 08:13:21 PST 2009


Have you looked on Craigslist for another Tungsten-T? There seem to be a lot of the older Palms on there for about $20-$50...

Blake Haggerty
Permanent Placement Specialist
Sapphire Technologies U.S., a Randstad company
27 Maiden Lane
San Francisco, CA 94108
(p) (415) 788-8488
(f) (415) 788-2592
www.sapphirena.com

-----Original Message-----
From: Daniel Lo woof at danlo.com
To: "San Francisco Perl Mongers User Group"
Sent: Jan 15, 2009 07:36:58 AM
Subject: [sf-perl] OT: Secure password storage

Greetings, 

My old Palm Pilot, a Tungsten-T, died a week ago.

Now I have to find a new method of password storage. The problem I am facing is 
that I can't find any devices suitable for password storage. 

What did I store on my PDA? 

Financial passwords. (Liability rests on me to keep it secure and the company 
disclaims all liability for stolen passwords: of course) 

System passwords. (My job if these are stolen.) 

However, now all PDAs have Wi-Fi, Bluetooth, USB ports, and Irfd and I
evaluate these devices on what they are capable of, not what the software allows 
for (Paris Hilton having all of her phone numbers stolen). So, when I saw that 
the pocket PC came with Internet Explorer I overflowed my joy buffer. Storing 
my passwords on a device that is capable of silently sending out information 
without any detection (and runs IE) isn't that great. 

All of my passwords are gobbledygook that I have a hard time remembering; for
example: C:j2Tc3K9#@ would be a sample password. And I use the same method for 
those questions: Where were you born? "I was born in (c1)32CSF}" 

The only thing I can think of is to store my passwords in a pocket PC in 
"PasswordSafe: http://www.schneier.com/passsafe.html" with an additional 
mnemonic password encoding. 

So that C:j2Tc3K9#@ would be stuck with the following rules: 

Every 3rd character has its ordinal value incremented by one.

C:j2Tc3K9#@ would be C:i2Td3K0#@ 

Now, if you have read this far, I'm sure most of you think I need to be sent to 
the funny farm. But what hacks have I seen/heard about in the last 3 months? 

1. IE: all passwords can be stolen.
2. Adobe: buffer overflow allows for arbitrary code to run.
3. DNS: hack. 
4. That neat trick on how to extract memory on a computer after it has been 
turned off. (That was really cool). 

And financial companies push the liability for stolen passwords on to the
user.


