[Cryptography] Passwords (Smallest feasible work factor today?)

Tom Mitchell mitch at niftyegg.com
Wed Sep 21 14:28:34 EDT 2022


On Fri, Sep 16, 2022 at 1:20 PM Jerry Leichter <leichter at lrw.com> wrote:
>
> >> I use a metal lockbox full of 3x5 cards as my password manager.  And when asked, I recommend it.
> >
> > Upgrade to a fire resistant box.
> > You can cast plaster of paris around your box (box inside of a box).
> > Use parchment paper to mate the upper and lower parts.  Drywall and
> > construction adhesive work as well.   2x 3/4" drywall for garages is code,
> > you want more but drywall fire resistance is nicely documented.
> Neat idea.  I'd add another level, though:  If you do have a house fire, this thing could be hit with high-pressure water or end up submerged for a while.  You could end up with unburned ... paper mush.  A waterproof box inside it all - box within a box within a box - should protect you.  (Of course you could choose a waterproof inner box to begin with.)

Ziploc plastic bags. Those with vacuum seal gadgets can do better.
Companies need a mechanism and policy.
Perhaps, envelopes are sealed and tamper evident tricks.
One Envelop per employee with critical keys held behind a double lock
in case the manager is a risk.
Backups?
Policy needs to cover law enforcement.

I am reminded that a clerk that reports to a unit commander can have
secrets in the clerk's
safe that the unit commander has no need to know and mismatched clearances.
The context of that briefing taught me too much about classified
document management.
Working inside a secure bubble teaches nothing about how a bubble is
made, maintained
and too easy to burst.

-- 

          T o m    M i t c h e l l  (on NiftyEgg[.]com )


More information about the cryptography mailing list