lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu Oct 13 04:39:14 2005
From: capegeo at opengroup.org (George Capehart)
Subject: password vaults-

David Royer wrote:
> Sorry for the very noob question, but I'm having very hard times finding
> such products.
>  I have the pleasure and the incredible chance to support generic (shared
> admin) passwords. I'm looking for a commercial product to manage the
> distribution and protection of these passwords. Must be RSA compatible and
> Active Directory (LDAP, to retrieve info and allow access). Also must be
> able to support web (https) for users to log in and get the passwords they
> are allowed to see.
>  Best regards!

OK.  In spite of the fact that this has got to be a troll, I'll bite . .  .

Run from that as fast and as far as you can.  Under /*any*/ 
circumstance, shared passwords are a major no-no.  You're setting 
yourself up for misery . . . And allowing users "to log in and get the 
passwords they are allowed to see"?  Think about that for a while and 
see if you can identify some potential risks there . . .

/g

Powered by blists - more mailing lists