[sf-perl] OT: Secure password storage
Blake.Haggerty at Sapphire.com
Thu Jan 15 08:13:21 PST 2009
Have you looked on Craigslist for another Tungeston-T? There seems to be allot of the older palms on there for about $20-$50...
Permanent Placement Specialist
Sapphire Technologies U.S., a Randstad company
27 Maiden Lane
San Francisco, CA 94108
(p) (415) 788-8488
(f) (415) 788-2592
From:Daniel Lo woof at danlo.com
To: "San Francisco Perl Mongers User Group" ;
Sent: Jan 15, 2009 07:36:58 AM
Subject: [sf-perl] OT: Secure password storage
My old Palm Pilot: Tungeston-T died a week ago.
Now I have to find a new method of password storage. The problem I am facing is
that I can't find any devices suitable for password storage.
What did I store on my PDA?
Financial passwords. (Liability rests on me to keep it secure and the company
disclaims all liability for stolen passwords: of course)
System passwords. (My job if these are stolen.)
However, now all PDA's have wifi, bluetooth, USB ports, and Irfd and I
evaluate these devices on what they are capable of, not what the software allows
for (Paris Hilton having all of her phone numbers stolen). So, when I saw that
the pocket PC came with Internet Explorer I overflowed my joy buffer. Storing
my passwords on a device that is capable of silently sending out information
without any detection (and runs IE) isn't that great.
All of my passwords are garblygook that I have a hard time remembering for
example: C:j2Tc3K9#@ would be a sample password. And I use the same method for
those questions: Where were you born? "I was born in (c1)32CSF}"
The only thing I can think of is to store my passwords in a pocket PC in
"PasswordSafe: http://www.schneier.com/passsafe.html" with an additional
mnemonic password encoding.
So that C:j2Tc3K9#@ would be stuck with the following rules:
Every 3rd character is incremented by its ordinal value by one.
C:j2Tc3K9#@ would be C:i2Td3K0#@
Now, if you have read this far, I'm sure most of you think I need to be sent to
the funny farm. But what hacks have I seen/heard about in the last 3 months?
1. IE: all password can be stolen
2. Adobe: buffer overflow execute allows for arbitrary code run.
3. DNS: hack.
4. That neat trick on how to extract memory on a computer after it has been
turned off. (That was really cool).
And financial companies say push the liability for stolen passwords on to the
SanFrancisco-pm mailing list
SanFrancisco-pm at pm.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the SanFrancisco-pm