William L. Maltby wrote:
> On Wed, 2006-08-09 at 17:26 -0400, Bowie Bailey wrote:
> > William L. Maltby wrote:
> > > The solution to that is a secure password manager.
> > http://passwordsafe.sourceforge.net/
> >
> > You just have to remember the one password and the program will track
> > all of the rest for you. This way you can use gibberish passwords for
> > important sites such as online banking and you don't have to remember
> > them or write them down anywhere. The password database is encrypted
> > using Twofish and SHA-256.
>
> I don't care for that concept. One password cracked gives access to all.
> I would rather take the admitted risk of writing them down (in *my*
> scenario, rather secure at home) and referring to that when needed.

True, but if you make that one a good one and use it only for that
purpose, the risks are minimal.

> The ones I use frequently will be remembered. I don't use them on the
> road at all, so that's reasonable. I prefer to not have passwords stored
> on computers any more than necessary.

I don't think it's a problem to have the passwords stored on the
computer. Just make sure they're securely encrypted.

> No I'll admit I fudge a *small* amount. Those who have access in my home
> know Windows only, not Linux and I have no shares with them. They are
> TDU (Typical Dumb Users) and don't know how to use SSH, FTP, ... or even
> how to find my comps on the LAN (now SMB node or Domain Controllers
> here).
> >
> > The only real downside is that if you don't have access to the
> > password manager, you don't have access to anything else either.
>
> Well, I do consider the one password exposes all a downside. But I also
> grant that it is more secure than many alternatives.

You know what they say: "You can put all your eggs in one basket, but
WATCH THAT BASKET!" As long as you are extremely careful with the access
password, you shouldn't have a problem.

I will take this risk for the advantage of being able to easily use
highly secure passwords. For example, my online banking password is a
sequence of random characters. I don't have to remember it or type it.
If I didn't have a tool like this, I would have to either write it down
somewhere or use a less-secure password that I could remember.

> > Oh...and don't forget to back up the password database! :)
>
> I'm finalizing my LVM-based snapshots with aging of deleted files right
> now, so I will be covered.

That works, but a simple backup copy to a floppy disk or external hard
drive works as well.

> Thanks for the URL. I will go take a look. My mind is not yet
> rusted closed even if (... *when*) I think I'm right! :-)

The creator of this tool is a rather paranoid security expert. I figure
if he is willing to use it, it's worth a look.

http://schneier.com/

(note that the Password Safe information on that page refers to an older
version that used Blowfish rather than Twofish)

--
Bowie