<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Sep 22, 2014 at 4:35 PM, Abe Singer <span dir="ltr"><<a href="mailto:abe@oyvay.nu" target="_blank">abe@oyvay.nu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">On Mon, Sep 22, 2014 at 03:41:54PM +1200, Peter Gutmann wrote:<br>
><br>
> Finally a large organisation providing sensible password advice.<br>
<br>
</span>Just to flog the sentiment to death:<br>
<br>
The dogma against writing down passwords is <div class=""><div class="h5"><a href="mailto:cryptography@metzdowd.com"></a></div></div></blockquote><div> </div><div>The dogma needs to be context sensitive.</div><div>Sometimes flogging needs to be considered....</div><div><br></div><div>One person at home with one router... write it down</div><div>and tape it under the router without restricting air flow.</div><div><br></div><div>One company needs to have a policy....</div><div> some will require hard copy in a locked data fire box.</div><div> Managers need to verify but not know.</div><div><br></div><div>Some folk work for multiple companies.</div><div> They will need multiple locked boxes both on sites </div><div> and as needed for remote access. Each contract</div><div> needs to cover these bases. Cannot be commingled...</div><div><br></div><div>Electronic copies of keys and passwords need protection that reflect</div><div>the value of the data.</div><div><br></div><div>Router configurations control access in ways passwords do not.</div><div>Configuration as well as passwords needs to be documented.</div><div>Electronic documentation no matter how good depends on </div><div>access to the hardware, software and files. A down system</div><div>might prove impossible to recover in a timely manner for want of </div><div>access to the documentation. Loss of control of the documents</div><div>creates risks.</div><div><div><br class="">Value.... the value of the data dictates the $$ spent on the</div><div> lock box, physical security etc...</div></div><div><br></div><div>Value multipliers are important. One point of sale device not too big</div><div>a deal. Ten thousand OH MY... Consider how many POS devices at Target</div><div>and Home Depot were involved as an example of a multiplier.</div><div><br></div><div>Remote access, physical access, transport of data, transport of</div><div>keys are all important. Escalation of privilege analysis is a tangle.</div><div>Some systems are opaque and knowing what you do not know</div><div>is the norm. Some systems are open to the point that knowing </div><div>what to protect or attack can be seen and audited. Some systems</div><div>hide so much that the system design and alterations to the system</div><div>design by an intruder is impossible to audit in obvious ways.</div><div><br></div><div>Intentional and purposeful loss or destruction of a key can securely erase data.</div><div>Malicious loss of a key can cause data loss.</div><div>Loss of control of keys can cause malicious transfer of data, exfiltration</div><div>or infiltration of systems.</div><div><br></div><div>If you have an employee that might get run over by a bus</div><div>and that employee has the magic key in his head there is a need for </div><div>a physical locked box that the manager can open if needed.</div><div><br></div><div>Much depends on what a key unlocks.... and that can change over time.</div><div><br></div></div>-- <br><div dir="ltr"> T o m M i t c h e l l</div>
</div></div>