[nycbug-talk] password repository

Isaac Levy isaac at diversaform.com
Thu Dec 31 14:34:32 EST 2009


On Dec 31, 2009, at 2:15 PM, Peter Wright wrote:
> On Dec 30, 2009, at 1:26 PM, Chris Snyder wrote:
>> On Wed, Dec 30, 2009 at 3:37 PM, Isaac Levy <ike at lesmuug.org> wrote:
>>> On Dec 30, 2009, at 2:50 PM, Chris Snyder wrote:
>>>> On Wed, Dec 30, 2009 at 2:35 PM, Okan Demirmen <okan at demirmen.com> wrote:
>>>> 
>>>>> truecrypt is analogous to disk/volume encrypting bits we already have in
>>>>> bsd - but it doesn't help if this image is mounted on a server
>>>>> somewhere..and say someone doesn't un-mount it after use...
>>>> 
>>>> Sort of. The point of using something cross-platform is that devs /
>>>> admins mount the image locally on their Win/Mac workstations. And you
>>>> don't need to explain openssl to the Windows guys...
>>> 
>>> Just to be clear- Is that the only benefit of Truecrypt, Windows
>>> compatibility?  I've never used it and I'm just curious...  (perhaps I
>>> should *try* it)
>> 
>> For this, yeah: Mac/Win/Linux compat and GUI.
>> 
>> TC has a plausible-deniability mode that embeds an image within an
>> image, so that in theory you could give out the "outer" password if
>> someone held a gun to your head, and keep the inner password secret.
>> 
>> By the way, I'm not sure if they use a password salt or not, I seem to
>> recall warnings about saving .tc files in version control because they
>> might leak info if attacker has many versions of the same file. For
>> that reason alone the openssl approach is better if you're a unix
>> shop.
> 
> 
> I am using password-safe currently for shared passwords:
> http://www.schneier.com/passsafe.html
> 
> We save our files in psafe3 format which is supported by the native NT client...there is a pwsafeV3 compatible CLI utility available, and password gorilla works on X11.  For OSX I use a pwsafe Java GUI called PasswordSafeSWT.
> 
> pwsafe3 files are checked into our SCM.  It seems to work well with the obvious issues of still having a shared password to unlock the password save.
> 
> -pete

Well I'll be darned if that ain't a pretty cool one, from a killer source to boot.  Fun list of tools to try now :0

Rocket-
.ike




