RE: [CentOS] Server Hacked: Cpanel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Wed, 2006-08-09 at 17:26 -0400, Bowie Bailey wrote:
> William L. Maltby wrote:
> ><snip>

> The solution to that is a secure password manager.
> http://passwordsafe.sourceforge.net/
> 
> You just have to remember the one password and the program will track
> all of the rest for you.  This way you can use gibberish passwords for
> important sites such as online banking and you don't have to remember
> them or write them down anywhere.  The password database is encrypted
> using Twofish and SHA-256.

I don't care for that concept. One password cracked gives access to all.
I would rather take the admitted risk of writing them down (in *my*
scenario, rather secure at home) and referring to that when needed.

The ones I use frequently will be remembered. I don't use them on the
road at all, so that's reasonable. I prefer to not have passwords stored
on computers any more that necessary.

No I'll admit I fudge a *small* amount. Those who have access in my home
know windows only, not Linux and I have no shares with them. They are
TDU (Typical Dumb Users) and don't know how to use SSH, FTP, ... or even
how to find my comps on the LAN (now SMB node or Domain Controllers
here).


> The only real downside is that if you don't have access to the
> password manager, you don't have access to anything else either.

Well, I do consider the one password exposes all a downside. But I also
grant that it is more secure than many alternatives.

> 
> Oh...and don't forget backup the password database! :)

I'm finalizing my LVM-based snapshots with aging of deleted files right
now, so I will be covered.

Thanks for the URL. I will go take a look. My mind is not yet
rusted closed even if (... *when*) I think I'm right! :-)

-- 
Bill

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux