[Cryptography] Of writing down passwords

Tue Sep 23 03:12:55 EDT 2014

On Mon, Sep 22, 2014 at 4:35 PM, Abe Singer <abe at oyvay.nu> wrote:

> On Mon, Sep 22, 2014 at 03:41:54PM +1200, Peter Gutmann wrote:
> >
> > Finally a large organisation providing sensible password advice.
>
> Just to flog the sentiment to death:
>
> The dogma against writing down passwords is
> <cryptography at metzdowd.com>
>

The dogma needs to be context sensitive.
Sometimes flogging needs to be considered....

One person at home with one router... write it down
and tape it under the router without restricting air flow.

One company needs to have a policy....
 some will require hard copy in a locked data fire box.
 Managers need to verify  but not know.

Some folk work for multiple companies.
  They will need multiple locked boxes both on sites
  and as needed for remote access.  Each contract
  needs to cover these bases. Cannot be commingled...

Electronic copies of keys and passwords need protection that reflect
the value of the data.

Router configurations control access in ways passwords do not.
Configuration as well as passwords needs to be documented.
Electronic documentation no matter how good depends on
access to the hardware, software and files.   A down system
might prove impossible to recover in a timely manner for want of
access to the documentation.   Loss of control of the documents
creates risks.

Value.... the value of the data dictates the $$ spent on the
  lock box, physical security etc...

Value multipliers are important. One point of sale device not too big
a deal.    Ten thousand OH MY...   Consider how many POS devices at Target
and Home Depot  were involved as an example of a multiplier.

Remote access, physical access, transport of data, transport of
keys are all important.   Escalation of privilege analysis is a tangle.
Some systems are opaque and knowing what you do not know
is the norm.   Some systems are open to the point that knowing
what to protect or attack can be seen and audited.  Some systems
hide so much that the system design and alterations to the system
design by an intruder is impossible to audit in obvious ways.

Intentional and purposeful loss or destruction of a key can securely erase
data.
Malicious loss of a key can cause data loss.
Loss of control of keys can cause malicious transfer of data, exfiltration
or infiltration of systems.

If you have an employee that might get run over by a bus
and that employee has the magic key in his head there is a need for
a physical locked box that the manager can open if needed.

Much depends on what a key unlocks.... and that can change over time.

-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140923/11503cf5/attachment.html>