From: Kenn Humborg (kenn at domain bluetree.ie)
Date: Tue 12 Oct 1999 - 14:45:06 IST
On Tue, Oct 12, 1999 at 02:34:15PM +0100, John P . Looney wrote:
> On Tue, Oct 12, 1999 at 02:12:25PM +0100, Kenn Humborg mentioned:
> > Does anyone know of any solid advice on this sort of thing?
> > All the bloody user-oriented password advice (pick a good
> > password and don't write it down) is completely useless
> > in this situation. Surely larger companies have established
> > systems and procedures for this.
> Motorola store all their's in a password-protected Excel file. Must take
> hours to crack that sort of heavy-weigth encryption :)
Oh bloody hell...
Let's see... what are the problems with this?
1. Proprietary format (no need to elaborate).
2. On-line (susceptible to electronic attacks such as viruses)
3. No granularity - get one and you've got them all
4. No traceability - no way to tell if it's been cracked
5. Either the file is stored in the open (where it can be
easily copied and cracked off-line) or it is in a
place only accessible to certain users (which means that
if those users get hit by busses you can't get the file)
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:04:43 GMT