Re: [pfSense-discussion] Dynamic DNS - no password encryption
On 9/1/06, Andrew C Burnette <[EMAIL PROTECTED]> wrote:
> Yes, short answer is, if you can't trust your filesystem (or more directly
> the OS with access to it), you've already been owned, and the train has
> already left the station.

Well, there is a class of vulnerabilities which grant read access to [any]
file(s), but in general, the game is over by that time.

> If it's that secret (read NSA guidelines on security as they're actually
> not half bad),

Link: http://www.nsa.gov/snac/

Note they only have security guides for commercial OSes. If anyone is
inclined, send their PR or public relations office a thank-you note for
developing stuff for open-source OSes. They took a tongue-lashing from MS
over SELinux, and are careful to state that they aren't endorsing one vendor
over another, etc. Let them know that open-source allows the maximum benefit
from their research and development because others can study the
implementation easily.

--
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
Re: [pfSense-discussion] Dynamic DNS - no password encryption
Yes, short answer is, if you can't trust your filesystem (or more directly
the OS with access to it), you've already been owned, and the train has
already left the station.

If it's that secret (read NSA guidelines on security as they're actually not
half bad), then you need another factor (physical and knowledge) to add into
the mix. And that's not possible to automate, no matter what Tom Cruise does
in Mission Impossible :-)

Have a nice weekend.

andy

Travis H. wrote:
> On 8/29/06, DarkFoon <[EMAIL PROTECTED]> wrote:
>> I was looking through my XML configuration recently, and I noticed that my
>> Dynamic DNS password is not encrypted like the PFsense password is.
>> It seems to me that this is a rather important password and should be
>> encrypted (if possible).
>
> This is also true of other programs, such as gaim.
> Your IM passwords are stored in plaintext, for the same reasons.
> The best way to deal with this is to make your home directory encrypted,
> but that rules out unattended mounting almost by definition.
> Take a look at truecrypt for one cross-platform open-source tool
> that supports steganography as well.
>
> Another way to deal with it would be to use something like a keychain
> program (similar to ssh-agent) to give the daemon the key, or to get it
> from another machine (if you wish to have unattended boots with /home
> mounted). Of course if you're worried about power outages, you will want
> to UPS that other machine, and/or have a generator with automatic
> switchover from the grid. One advantage of natural gas generators is not
> having to be there to refill it with fuel.
Re: [pfSense-discussion] Dynamic DNS - no password encryption
On 8/29/06, DarkFoon <[EMAIL PROTECTED]> wrote:
> I was looking through my XML configuration recently, and I noticed that my
> Dynamic DNS password is not encrypted like the PFsense password is.
> It seems to me that this is a rather important password and should be
> encrypted (if possible).

This is also true of other programs, such as gaim.
Your IM passwords are stored in plaintext, for the same reasons.
The best way to deal with this is to make your home directory encrypted,
but that rules out unattended mounting almost by definition.
Take a look at truecrypt for one cross-platform open-source tool
that supports steganography as well.

Another way to deal with it would be to use something like a keychain
program (similar to ssh-agent) to give the daemon the key, or to get it from
another machine (if you wish to have unattended boots with /home mounted).
Of course if you're worried about power outages, you will want to UPS that
other machine, and/or have a generator with automatic switchover from the
grid. One advantage of natural gas generators is not having to be there to
refill it with fuel.

--
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
Re: [pfSense-discussion] Dynamic DNS - no password encryption
I see, thank you for the clarification.

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, August 29, 2006 7:59 AM
Subject: Re: [pfSense-discussion] Dynamic DNS - no password encryption

> On 8/29/06, DarkFoon <[EMAIL PROTECTED]> wrote:
> > I was looking through my XML configuration recently, and I noticed that my
> > Dynamic DNS password is not encrypted like the PFsense password is.
> > It seems to me that this is a rather important password and should be
> > encrypted (if possible).
>
> http://faq.pfsense.com/index.php?action=artikel&cat=1&id=37&artlang=en&highlight=encrypted
>
> Refer to mailing list history for juicy flame wars. We are not going
> there again.
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.405 / Virus Database: 268.11.6/430 - Release Date: 8/28/2006
Re: [pfSense-discussion] Dynamic DNS - no password encryption
On 8/29/06, DarkFoon <[EMAIL PROTECTED]> wrote:
> I was looking through my XML configuration recently, and I noticed that my
> Dynamic DNS password is not encrypted like the PFsense password is.
> It seems to me that this is a rather important password and should be
> encrypted (if possible).

http://faq.pfsense.com/index.php?action=artikel&cat=1&id=37&artlang=en&highlight=encrypted

Refer to mailing list history for juicy flame wars. We are not going
there again.
[pfSense-discussion] Dynamic DNS - no password encryption
I was looking through my XML configuration recently, and I noticed that my Dynamic DNS password is not encrypted like the PFsense password is. It seems to me that this is a rather important password and should be encrypted (if possible).
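
An added example, not part of the original thread and not pfSense code: a short Python audit of the distinction raised in this post, reporting which password fields in an XML configuration are one-way hashes and which are recoverable, and whether the file is readable beyond its owner. The sample configuration and its element names are constructed for illustration.

```python
import os
import re
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample; element names are assumptions, not a real pfSense config.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <system>
    <password>$1$Qx7bT1pA$0123456789abcdefghijkl</password>
  </system>
  <dyndns>
    <password>example-plaintext-secret</password>
  </dyndns>
</pfsense>
"""

# crypt(3)-style one-way hashes: md5-crypt, bcrypt, sha256-crypt, sha512-crypt
CRYPT_HASH = re.compile(r"^\$(1|2[abxy]?|5|6)\$[./A-Za-z0-9$=,]+$")

def audit_config(path):
    """Return (findings, owner_only); findings maps element path to a storage class."""
    findings = {}
    def walk(node, trail):
        here = trail + "/" + node.tag
        text = (node.text or "").strip()
        if "password" in node.tag.lower() and text:
            # A hash can only be verified; anything else can be read back and reused.
            findings[here] = "hashed" if CRYPT_HASH.match(text) else "recoverable"
        for child in node:
            walk(child, here)

    walk(ET.parse(path).getroot(), "")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    owner_only = (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0
    return findings, owner_only

def demo():
    """Audit the sample twice: world-readable, then owner-only."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "config.xml")
        with open(path, "w") as fh:
            fh.write(SAMPLE_CONFIG)
        os.chmod(path, 0o644)
        loose = audit_config(path)
        os.chmod(path, 0o600)
        return loose, audit_config(path)

if __name__ == "__main__":
    print(demo())
```

A credential the box must present to a remote service has to be stored in recoverable form, so the file mode is the control that the audit can actually tighten.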