Personal Encryption

How do you decide on your passwords? Here are a few ways I have seen others do it:

* Memorable one word, e.g. “Niiiiiiice”
* Memorable one word including pseudo-randomness, e.g. “7pumkin33”
* Memorable phrase, e.g. “TwoCatsInTheGarden”

For many, it can be a challenge to dream up a “good” password, thinking that since it shouldn’t be written down, it must be memorable.
What I have seen happen, and have been guilty of myself, is that we didn’t always know what makes a good password, or about the inevitable need for more than one. The password we used when we signed up for that AOL account back in the 90s still comes to mind.

The first example I gave, “Niiiiiiice”, was a root password of noted security researcher Dan Kaminsky. He was recently shamed by a group of black hat hackers who owned one of his servers.

When you are responsible for more than a few machines, password management becomes critical. I’ve seen spreadsheets and text files used for this. When an admin needs access to a machine, he will reference his document.

Rather than the memorable types noted above, systems admins typically use strong passwords. There was nothing memorable about the passwords I’ve seen from them. Documents that contain these passwords are only as safe as the location where the user keeps them. If the admin’s system is compromised, so are all the systems he manages.

One possible solution is to also password-protect and encrypt the document, right? Not really. Most likely that password is short and memorable. So what is the solution?

I would suggest that personal encryption might be the key. The name is something I have made up; however, the method is not. Here is the concept. Let’s say you have this password: “1T8Ft8\P-X#9le”. This password is written down in your document. Before using it on a system, add your memorable unwritten key “peerless” someplace in the middle of the password. In practice the password would be used like this: “1T8Ftpeerless8\P-X#9le”. “Peerless” is your personal encryption key. No one should know this, and the password should never be written down with the key included.

Personal encryption in practice does not give us an excuse to write passwords on the walls. We should still take every precaution as usual.
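
The scheme described above, as an added Python example that is not part of the original post: `compose` builds the typed password from the written value and the memorized key, `leaked_entries` checks a password document for entries that break the never-written rule, and `added_bits` estimates how much guessing work the key adds if the document leaks. The function names, the insertion offset, the sample document and the candidate counts are constructed for illustration.

```python
import math

def compose(stored: str, key: str, position: int) -> str:
    """Password actually typed: the memorized key inserted into the
    written value at a fixed offset (the offset is memorized too)."""
    if not 0 <= position <= len(stored):
        raise ValueError("position is outside the written value")
    return stored[:position] + key + stored[position:]

def leaked_entries(entries: dict, key: str) -> list:
    """Names of entries whose written value contains the key, which
    breaks the rule that the key is never written down."""
    needle = key.casefold()
    return sorted(n for n, v in entries.items() if needle in v.casefold())

def added_bits(stored: str, key_candidates: int) -> float:
    """Guessing work (in bits) the key adds against someone who holds the
    document and knows the scheme: every insertion offset times every
    candidate key."""
    if key_candidates < 1:
        raise ValueError("need at least one candidate key")
    return math.log2((len(stored) + 1) * key_candidates)

# Constructed sample document; web01 is the written value from the post.
SAMPLE_DOC = {
    "web01": r"1T8Ft8\P-X#9le",
    "db01": "q7!Lm2^vRz0Ws",
    "mail01": "Zk4$PEERLESSu9w2",  # mistake: saved with the key included
}

if __name__ == "__main__":
    key = "peerless"  # in real use, read it with getpass.getpass()
    print(compose(SAMPLE_DOC["web01"], key, 5))
    print("entries leaking the key:", leaked_entries(SAMPLE_DOC, key))
    # Assumed candidate counts: a 100,000-word dictionary versus
    # eight random lowercase letters.
    print("dictionary word: %.1f bits" % added_bits(SAMPLE_DOC["web01"], 100_000))
    print("random 8 letters: %.1f bits" % added_bits(SAMPLE_DOC["web01"], 26 ** 8))
```

The two estimates differ by about 21 bits, so a dictionary-word key adds far less protection than a random key of the same length.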
