On 2013-01-25, Cliff Pratt <enkiduonthenet at gmail.com> wrote:
>
> I used to think that, but a password is almost always recoverable, on
> more or less any Linux system.

In the San Francisco case, the passwords in question were for Cisco routers and other networking equipment. Those are probably much harder to recover/reset, and much more inconvenient to do. I believe that getting someone in to reset the passwords would have been a few thousand dollars and taken the entire city government network down for at least a day, possibly longer. (At least that's what we were told at the time.)

In addition, consider this not-terribly-likely scenario (though probably no less likely than me getting hit by a bus): I get mugged, my phone with my KeePass file on it is stolen, and I'm left unconscious. In this case my manager probably wants the passwords changed as quickly as possible, just in case the thief wants to try to crack my KeePass encryption and crack our servers. Given a choice between having to hire someone incredibly expensive to reset all the passwords right away (and hope that he's gotten all of them!) (including the passwords for the non-Linux boxes) and having the passwords right in front of him, I am guessing that most managers would choose the latter.

One compromise solution would be to share the KeePass file with your manager, and keep the keyfile and/or passphrase with someone trusted (either the manager or someone else). This way there is an independent record of the passwords, but they are still encrypted. If the password file is on a USB stick, then it's also not on the network and at risk of remote copying. Think of it as RAID1 for your passwords. Sysadmins love redundancy! :)

--keith

--
kkeller at wombat.san-francisco.ca.us