Wow, I had no idea people go to these lengths to keep written passwords safe! Do you guys go to similar lengths to protect against other vulnerabilities (buffer overflows, CSRF, XSS, privilege escalation)? Because the equivalent would be nothing short of analyzing source code for all installed programs for these others.
> -----Original Message-----
> From: Simbwa Phillip [mailto:[email protected]]
> Sent: Wednesday, October 06, 2010 8:20 PM
> To: [email protected]
> Subject: [LUG] Man jailed over computer password refusal
>
> +---------------------------------------------------------+
> When you have to write down a password
> +---------------------------------------------------------+
>
> Well, if the password is just sealed in an envelope, someone could breach
> that with a cup of hot coffee!
>
> Then if you introduce staples into the mix, after the steam (from my hot
> coffee) has done its magic, just tearing the envelope and viewing the
> password ends your game. Thereafter, one would slip back the paper with
> the password in an identical envelope and maybe try to mimic the original
> stapling pattern (doesn't have to be accurate, after all you probably didn't
> pay as much attention when you were stapling) before sealing it.
> But of course if you had your envelope stamped like someone suggested,
> then our snoop is caught off balance (could take longer to get a stamp job
> done for him).
> Also, the DNA check on the paper may not be of much help if our
> snoop has gloves on! (I imagine that this password is extremely important
> that they even procured a safe for it!!! I wouldn't be surprised if the police
> looked into the matter when a possible breach is suspected).
>
> Then some creativity may be necessary if you ever want to literally write the
> password down on just a piece of paper. I would propose some extra
> paranoia to flavor up our concealing cocktail.
>
> 1. Write down the password in milk (yes..) on a white piece of paper (only
> visible after exposing the paper to some level of heat, e.g. from a mercury
> lamp).
>
> 2. Could write the password on a piece of paper which could be cut into 3 or 4
> pieces and each stored separately, possibly in different locations by different
> people.
>
> 3. For weak passwords like those from say an English dictionary, a translation
> into a language of your choice before encoding it in some way (if you are at a
> loss of choices, base64 encode the translated text). Of course you have to
> remember what language you translated it to so you can re-translate that
> back to English using Google or Babel translation engine after decoding it.
>
> 4. Another approach could be writing your password in a pattern (more like
> obfuscation). Let's say our cisco password is "aiphe1Xa".
> You may want to write it down like so:
> "daQri321pDF2?hkpZfgeL462341vN23yrTX\a" and my pattern will be 1 2 3 4 5
> 6 7 1 and that translates to: drop the first xter, copy the next and after drop
> the next two xters and store the xter that comes next, etc. (catch ma drift?).
> All you have to do is to keep your chosen pattern with you (your head is the
> safest place).
>
> 5. Could combine all the above to kill the snooper's show.
>
> Paranoidly Yours,
>
> ::Phillip::
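
The skip pattern from item 4 of the quoted message, written out as an added example that is not part of either post: for each number n in the pattern, n filler characters are dropped and the next character is kept. The function names, the filler alphabet and the strict length check are assumptions; the written string, pattern and password are the ones given in the message.

```python
import secrets
import string
from typing import Sequence

# Assumed filler alphabet; the message does not say how filler is chosen.
FILLER = string.ascii_letters + string.digits


def decode(written: str, pattern: Sequence[int]) -> str:
    """Recover the password: for each n in pattern, drop n characters, keep the next."""
    kept, pos = [], 0
    for skip in pattern:
        pos += skip
        if pos >= len(written):
            raise ValueError("written string is too short for this pattern")
        kept.append(written[pos])
        pos += 1
    # Assumption: the note ends exactly at the last kept character.
    if pos != len(written):
        raise ValueError("characters left over: wrong pattern or damaged note")
    return "".join(kept)


def encode(password: str, pattern: Sequence[int]) -> str:
    """Hide each password character behind pattern[i] random filler characters."""
    if len(pattern) != len(password):
        raise ValueError("pattern needs one skip count per password character")
    parts = []
    for ch, skip in zip(password, pattern):
        parts.append("".join(secrets.choice(FILLER) for _ in range(skip)))
        parts.append(ch)
    return "".join(parts)


# Values taken from the message (raw string so the backslash stays literal).
WRITTEN = r"daQri321pDF2?hkpZfgeL462341vN23yrTX\a"
PATTERN = [1, 2, 3, 4, 5, 6, 7, 1]

if __name__ == "__main__":
    print(decode(WRITTEN, PATTERN))            # the password from the message
    note = encode("aiphe1Xa", PATTERN)         # fresh filler on every run
    print(note, decode(note, PATTERN))
```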
