|
|
| (11 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| This is a draft, the resources below clearly tell that clear text passwords in digital information systems are a '''''NO-GO''''' regardless what's in some "specification sheet" or other service provider agreements ;-)
| | Site re-work in progress... |
| | |
| == CISSP ==
| |
| Well, it's one of the CISSP questions, but let's have a closer look: <br>
| |
| * What is the BEST method of storing passwords for a system:
| |
| ** password-protected file
| |
| ** file restricted to one individual
| |
| ** one-way encrypted file
| |
| ** two-way encrypted file
| |
| | |
| You may have guessed it already: an one-way encrypted file is the correct answer. Of course there are other options so an encrypted password in the credential file works out well, too. <br> So if you're service provider keeps telling you that clear text passwords (credentials) don't matter at all, that's a killer argument ;-)
| |
| | |
| Did you know that there's a so called:
| |
| === Code of ethics ===
| |
| https://de.wikipedia.org/wiki/Certified_Information_Systems_Security_Professional#Code_of_Ethics <br>
| |
| "Handelt ein CISSP nicht nach diesen Grundsätzen, kann er jederzeit durch einen anderen CISSP bei der (ISC)² gemeldet werden."
| |
| | |
| == Books ==
| |
| Computer Security '''''Basics''''' <br> Rick Lehtinen, Deborah Russel & G.T. Gangemi Sr. ; Released '''''June 2006''''' ; ISBN-13: 978-0596006693 <br> Page 65-66
| |
| | |
| == CWE ==
| |
| https://cwe.mitre.org/data/definitions/256.html
| |
Latest revision as of 04:39, 27 August 2020
Site re-work in progress...