[nycbug-talk] password repository
nikolai
nikolai at fetissov.org
Wed Dec 30 16:19:08 EST 2009
> On Dec 30, 2009, at 2:50 PM, Chris Snyder wrote:
>
>> On Wed, Dec 30, 2009 at 2:35 PM, Okan Demirmen <okan at demirmen.com>
>> wrote:
>>
>>> truecrypt is analogues to disk/volume encrypting bits we already
>>> have in
>>> bsd - but it doesn't help if this image is mounted on a server
>>> somewhere..and say someone doesn't un-mount it after use...
>>
>> Sort of. The point of using something cross-platform is that devs /
>> admins mount the image locally on their Win/Mac workstations. And you
>> don't need to explain openssl to the Windows guys...
>
> Just to be clear- Is that the only benefit of Truecrypt, Windows
> compatibility? I've never used it and I'm just curious... (perhaps I
> should *try* it)
>
> I've been watching this thread but since we're a totally UNIX shop,
> I'm leaning towards nikolai's OpenSSL/Version-Repo answer... A very
> UNIX-ish approach to solving the problem. Mix it with some commit
> emails from your Version Repo of choice, or toss some more pipes into
> there, or script out more parts, and viola- the solution gains
> features very cheaply... :)
>
Hmm, what's wrong with a private cvs/svn/git/whatever repository
for admin group only where password file(s) are stored in *clear text*?
Diffs are priceless :)
Put it onto encrypted slice/file to prevent single-user snoop?
Backup encrypted data? I know there's always a trade-off.
--
Nikolai
More information about the talk
mailing list