Tuesday, July 2, 2019

Privacy and Security for passwords

E. Snowden has shown us that the US government and other big governments of the world do not want us (the personal sector) to deploy hardened security practices.

https://en.wikipedia.org/wiki/Edward_Snowden


We use passwords every day, and in some cases the same password across multiple systems. This is because we can't manage hundreds of passwords, and not all systems are MFA enabled.

If you have no OTP (one-time password) mechanism for a login, you are at risk if your password is ever lost or the system is ever compromised. Mail.com had this happen with millions of email user accounts, by the way.

Here's a sure way to use passwords: choose a strong password length and complexity, and then secure the data with an X.509 certificate. You should avoid reusing passwords across multiple systems by all means. Yes, it's tempting, but in reality it is poor security execution.


So let's dive in....


Example 1

You have a cool password for gmail.com, but you can't remember it since it's so long and so cool. Just encrypt it, and then only you, the owner of the matching private key, can decrypt it.



NOTE: that is not a real password, so don't try to use it.


Okay, example 2

You need to make a long IPsec PSK of 36 random bytes to share with a vendor, and who in the h#ll will remember it?

No problem: encrypt the data using an X.509 public key.




NOTE: You can do this and send encrypted keys to others if they have an existing PKI infrastructure and issue user certificates.

This allows you to make very strong keys with no risk if they are ever lost or stolen, since they are encrypted. You only have to manage your certificate and ensure that you have a strong passphrase.


All of my traveling laptops have an AES-128 loop filesystem with my encrypted keys stored on it. This way I can have my mail, bank, forum, alarm code, PIN, account number and other system passwords close by and 100% secured.

! And I only need to manage one single master passphrase for decryption. !



TIP: You can add a Subject header to the S/MIME headers to help provide a pointer to what the password is for. Do not put sensitive information in this field.

Example:

A Subject line was added that describes what this data contains.





With openssl, you can easily encrypt with DES, AES-128 through AES-256, or a few other ciphers. Keep in mind your data is always at risk if your passwords are compromised.
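The whole workflow from the examples above, as an added shell example that is not part of the original post: generate a certificate, encrypt a secret for it with a Subject label, and decrypt it again with the passphrase-protected private key. The key pair, master passphrase, label and secret are all constructed for the demo, and the only assumption is that the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example, not code from the original post: wrap a secret in S/MIME
# for the holder of an X.509 certificate, then recover it with the private
# key. Assumes the openssl command-line tool is installed. The key pair,
# master passphrase, label and secret below are all constructed for the demo.
set -eu

WORK=$(mktemp -d)
KEY="$WORK/vault-key.pem"
CERT="$WORK/vault-cert.pem"
# One master passphrase protects the private key (the post's "single
# master passphrase"). pass: on the command line is demo-only; in real use
# omit -passin/-passout and let openssl prompt for it.
MASTER_PASS='correct horse battery staple plus four more words'

# Throw-away RSA key pair and self-signed certificate, valid ten years.
make_vault_cert() {
    openssl req -x509 -newkey rsa:2048 -days 3650 \
        -subj '/CN=password vault (example)' \
        -passout "pass:$MASTER_PASS" \
        -keyout "$KEY" -out "$CERT" 2>/dev/null
}

# Encrypt stdin for the certificate holder with AES-256. The -subject value
# is a plaintext label, so keep it descriptive but never sensitive.
encrypt_secret() {  # $1 = label, $2 = output file
    openssl smime -encrypt -aes256 -subject "$1" -out "$2" "$CERT"
}

# Decrypt a stored blob with the private key and print the plaintext.
decrypt_secret() {  # $1 = encrypted file
    openssl smime -decrypt -in "$1" -recip "$CERT" -inkey "$KEY" \
        -passin "pass:$MASTER_PASS"
}

# Round trip a constructed secret (not a real PSK) through the vault.
round_trip() {
    make_vault_cert
    printf '%s' 'Example-IPsec-PSK-NotReal' |
        encrypt_secret 'vendor X ipsec psk' "$WORK/psk.smime"
    decrypt_secret "$WORK/psk.smime"
}

round_trip
```

The file written by encrypt_secret carries the Subject line in the clear and the secret only inside the PKCS#7 envelope, which is exactly what makes it safe to keep on the encrypted loop filesystem described above.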


Lastly, store the passphrase for your private key in your memory or a vault. A good rule is a passphrase made up of 8 words or more.


Example

Bad      "This is a key"
Good  "This is Much STonger K3n is S0 Sm@rt! "







NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o
        /  \


