
BLU Discuss list archive



PW management (was Re: break-in attempts)



On Mon, 21 Nov 2005 13:28:21 -0500, Rich Braun <richb at pioneer.ci.net>  
wrote:

>  Do you have some secrets on successful use?

Well not exactly. However, I did use a scheme that might be worth a  
mention.

<chat>
A while back, I worked at a small computer store, and the store's machine  
was password-protected. Because I often opened the store and was the only  
employee there for much of the business day, it would have been bad to  
lose or forget my password, and I'm a strong believer in  
difficult-to-guess passwords; being an amateur linguist and very good  
speller helps.
</kitty>

Being well aware of the risks of writing down passwords, I added a limited  
degree of compromising difficulty by interleaving extra letters into the  
machine's password before writing it down. Only I would know which letters  
were "real" and which were meaningless, but the written version was a good  
reminder, showing details like letter cases and embedded digits. I didn't  
tell many people what I was doing, either. One copy was in my wallet, and  
another on a slip of paper in the desk drawer. One might think of it as  
quite-crude steganography that confounds by inability to distinguish  
meaningful from meaningless characters.

This situation was far less likely to be attacked, I'd say, than something  
like a server in a large company, where such a scheme might eventually  
become known.

(In high school, we had combination locks for our lockers, and the combo.  
was not changeable. I had trouble with over-the-shoulder gazing. I had  
opened up a discarded combo. padlock and had learned how the mechanism  
works (it's quite clever, and very simple), so I was able to make the  
middle disc (of three) go back and forth (and maybe even the rear disc)  
until the gazer gave up trying to memorize a dozen or so numbers.)

For me, Bruce Schneier has some excellent advice and commentary about  
security, even if he does use Windows.

Regards,

-- 
Nicholas Bodley  /*|*\ Waltham, Mass. (Not "MA")
Science education in Kansas: The water in
the oceans does not fall off the edges of the
Earth because it is God's will that it not do so.
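
Added example, not part of the original post: a rough measure of how much protection the interleaving scheme described above keeps once the written slip is found. It counts the distinct candidate passwords hidden in the slip, assuming the finder knows the scheme and the real password length; the slip string, the length 8 and the 62-character alphabet are constructed values.

```python
import math

# Constructed sample: a 13-character written slip hiding an 8-character password.
SLIP = "Tx7rQuk9Bm2Lz"
REAL_LEN = 8

def count_distinct_subsequences(written: str, k: int) -> int:
    """Count the distinct length-k strings obtainable by deleting characters
    from `written` while keeping the remaining ones in order."""
    dp = [1] + [0] * k      # dp[j]: distinct subsequences of length j so far
    last = {}               # char -> dp snapshot taken just before its last use
    for ch in written:
        prev = dp[:]
        seen = last.get(ch)
        for j in range(1, k + 1):
            # Subtract strings already produced by the earlier occurrence of ch.
            dup = seen[j - 1] if seen else 0
            dp[j] = prev[j] + prev[j - 1] - dup
        last[ch] = prev
    return dp[k]

def bits(n: int) -> float:
    """Size of a search space expressed in bits."""
    return math.log2(n) if n > 0 else 0.0

def slip_report(written: str, real_len: int, alphabet_size: int = 62) -> dict:
    """Compare guessing with the slip in hand against guessing blind."""
    candidates = count_distinct_subsequences(written, real_len)
    return {
        "candidates": candidates,
        "bits_with_slip": round(bits(candidates), 1),
        # Blind guess: real_len characters drawn from upper, lower and digits.
        "bits_without_slip": round(real_len * math.log2(alphabet_size), 1),
    }

if __name__ == "__main__":
    print(slip_report(SLIP, REAL_LEN))
```

Repeated characters in the slip shrink the candidate count further, which is why the function counts distinct subsequences rather than using a plain binomial coefficient.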





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org