[nycbug-talk] password repository

nikolai nikolai at fetissov.org
Wed Dec 30 16:19:08 EST 2009

> On Dec 30, 2009, at 2:50 PM, Chris Snyder wrote:
>> On Wed, Dec 30, 2009 at 2:35 PM, Okan Demirmen <okan at demirmen.com>
>> wrote:
>>> truecrypt is analogues to disk/volume encrypting bits we already
>>> have in
>>> bsd - but it doesn't help if this image is mounted on a server
>>> somewhere..and say someone doesn't un-mount it after use...
>> Sort of. The point of using something cross-platform is that devs /
>> admins mount the image locally on their Win/Mac workstations. And you
>> don't need to explain openssl to the Windows guys...
> Just to be clear- Is that the only benefit of Truecrypt, Windows
> compatibility?  I've never used it and I'm just curious...  (perhaps I
> should *try* it)
> I've been watching this thread but since we're a totally UNIX shop,
> I'm leaning towards nikolai's OpenSSL/Version-Repo answer...  A very
> UNIX-ish approach to solving the problem.  Mix it with some commit
> emails from your Version Repo of choice, or toss some more pipes into
> there, or script out more parts, and viola- the solution gains
> features very cheaply... :)

Hmm, what's wrong with a private cvs/svn/git/whatever repository
for admin group only where password file(s) are stored in *clear text*?
Diffs are priceless :)

Put it onto encrypted slice/file to prevent single-user snoop?
Backup encrypted data? I know there's always a trade-off.


More information about the talk mailing list