[Dshield] password security
Dr. Daniel Carras
dr.astrom42 at gmail.com
Fri Feb 6 01:56:59 GMT 2009
I view encryption as the "locking the keys in the safe" approach to
security. If you lose the key to the safe, or the lock is broken,
you've locked all that information in with no way to get it out. From
what I'm seeing, new attacks are forming to break the locks (and keys)
in encryption. My approach is from my background in cybernetics. 1st)
understand the psychology of the average hacker; 2nd) understand the
psychology of camouflage; 3rd) develop a security protocol incorporating
both. Basically, if there is a hacking algorithm, then there is an
anti-hacking algorithm.
David Brodbeck wrote:
> Personally, I favor putting the password file on an encrypted
> filesystem, or encrypting it with GPG or a similar tool. This way I
> can pick one secure passphrase to remember instead of having to
> remember several. There are ways for an attacker to get around this,
> too, of course, but for me it lowers the risk to an acceptable level.
>
>
> On Feb 5, 2009, at 1:24 PM, Dr. Daniel Carras wrote:
>
>
>> Understanding (even
>> briefly) how code is written and what they look for, you can create a
>> password file on your system, that would not ordinarily be looked for.
>> It is here you place your rarely used password. You may also wish to look
>> into the history of camouflage. This is what you want to do on your
>> system, create a camouflaged password file that hackers will not see.
>>