Re: Password escrow
On Thu, 13 Jul 2006, Chris Kuethe wrote:

> Secret Sharing schemes.
> http://freshmeat.net/projects/sharesecret/
> http://freshmeat.net/projects/shsecret/

also http://freshmeat.net/projects//

--
[-] mkdir /nonexistent
Re: Password escrow
On 7/13/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:

> Also, a little crypto goes a long way: if you want good security, use two or more pieces which will only provide the password if XOR'ed together. (More elaborate schemes are doubtlessly possible, including a scheme in which, say, any two people can access all systems but no single person can - in fact, I recall seeing such a system in Schneier[1].)
>
> However, such a project would be quite impeded over the typical freedom-loving attitude in the open source movement - it tends to stretch to a profound, and not always unfounded, distrust of those with power. See Stallman's documentation for su(1) for a particularly well-known example.

Secret Sharing schemes.
http://freshmeat.net/projects/sharesecret/
http://freshmeat.net/projects/shsecret/

Enjoy.

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Password escrow
On Thu, Jul 13, 2006 at 10:14:31AM -0400, STeve Andre' wrote:

> On Thursday 13 July 2006 09:50, Roland Dominguez wrote:
> > Is anyone using or know of an open source password escrow package?
>
> Ugh. If you are talking about a way to hold passwords in case someone
> gets hit by a truck, nothing beats writing it down, stuffing it in an envelope
> and putting in an administrative person's secure area.
>
> I question using a PDA to do this. I know of a place that used one for a
> password store area, and guess what--it got lost. It was lost for two+
> days before folks noticed. I leave it to the reader to imagine the hysteria
> that ensued, realizing that systems with really sensitive data were in that
> PDA...

Also, a little crypto goes a long way: if you want good security, use two or more pieces which will only provide the password if XOR'ed together. (More elaborate schemes are doubtlessly possible, including a scheme in which, say, any two people can access all systems but no single person can - in fact, I recall seeing such a system in Schneier[1].)

However, such a project would be quite impeded over the typical freedom-loving attitude in the open source movement - it tends to stretch to a profound, and not always unfounded, distrust of those with power. See Stallman's documentation for su(1) for a particularly well-known example.

Joachim

[1] You'll have to make do with this incomplete cite, because I forgot if I borrowed Practical or Applied Cryptography; I am fairly certain it was the former, though.
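The two ideas raised in the messages above (pieces that only yield the password when XOR'ed together, and a scheme where any two holders suffice but one alone does not), as an added example that is not from the thread or from the linked freshmeat projects. The thread does not name the threshold scheme; Shamir's secret sharing is assumed here, and the function names and the prime are choices made for this sketch.

```python
# Added illustration: XOR (n-of-n) and Shamir (k-of-n) splitting of a password.
import secrets

# 2**521 - 1 is a Mersenne prime; secrets of up to 65 bytes fit below it.
PRIME = 2**521 - 1

def xor_split(secret: bytes, n: int) -> list[bytes]:
    """n-of-n: n-1 random pads plus one piece that XORs with them to the secret."""
    if n < 2:
        raise ValueError("need at least two pieces")
    pads = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = secret
    for pad in pads:
        last = bytes(a ^ b for a, b in zip(last, pad))
    return pads + [last]

def xor_combine(pieces: list[bytes]) -> bytes:
    out = bytes(len(pieces[0]))
    for piece in pieces:
        if len(piece) != len(out):
            raise ValueError("pieces differ in length")
        out = bytes(a ^ b for a, b in zip(out, piece))
    return out

def shamir_split(secret: bytes, k: int, n: int) -> list[tuple[int, int]]:
    """k-of-n: shares are points on a random degree k-1 polynomial, f(0) = secret."""
    # A leading 0x01 byte preserves any leading zero bytes of the secret.
    s = int.from_bytes(b"\x01" + secret, "big")
    if not (2 <= k <= n) or s >= PRIME:
        raise ValueError("bad threshold or secret too long")
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner's rule mod PRIME
            acc = (acc * x + c) % PRIME
        return acc
    return [(x, f(x)) for x in range(1, n + 1)]

def shamir_combine(shares: list[tuple[int, int]]) -> bytes:
    """Lagrange interpolation at x = 0; fewer than k shares yields garbage."""
    s = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        s = (s + yi * num * pow(den, -1, PRIME)) % PRIME
    return s.to_bytes((s.bit_length() + 7) // 8, "big")[1:]
```

With the XOR split, losing any one piece loses the password, which is the availability cost the threshold variant avoids.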
Re: Password escrow
On Thursday 13 July 2006 09:50, Roland Dominguez wrote:

> Is anyone using or know of an open source password escrow package?
>
> thanks
> roland

Ugh. If you are talking about a way to hold passwords in case someone gets hit by a truck, nothing beats writing it down, stuffing it in an envelope and putting in an administrative person's secure area.

I question using a PDA to do this. I know of a place that used one for a password store area, and guess what--it got lost. It was lost for two+ days before folks noticed. I leave it to the reader to imagine the hysteria that ensued, realizing that systems with really sensitive data were in that PDA...

--STeve Andre'
Password escrow
Is anyone using or know of an open source password escrow package?

thanks
roland