Security:ClearTextPasswords: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
This is a draft, resources | This is a draft, the resources below clearly tell that clear text passwords in digital information systems are a '''''NO-GO''''' regardless what's in some "specification sheet" or other service provider agreements ;-) | ||
== CISSP == | == CISSP == | ||
| Line 9: | Line 9: | ||
** two-way encrypted file | ** two-way encrypted file | ||
You may have guessed it already: an one-way encrypted file is the correct answer. Of course there are other options so an encrypted password in the credential file works out well, too. <br> So if you're service provider keeps telling you that clear text passwords (credentials) don't matter at all, that's a killer argument ;-) | |||
Revision as of 06:48, 14 August 2020
This is a draft, the resources below clearly tell that clear text passwords in digital information systems are a NO-GO regardless what's in some "specification sheet" or other service provider agreements ;-)
CISSP
Well, it's one of the CISSP questions, but let's have a closer look:
- What is the BEST method of storing passwords for a system:
- password-protected file
- file restricted to one individual
- one-way encrypted file
- two-way encrypted file
You may have guessed it already: an one-way encrypted file is the correct answer. Of course there are other options so an encrypted password in the credential file works out well, too.
So if you're service provider keeps telling you that clear text passwords (credentials) don't matter at all, that's a killer argument ;-)
Books
Computer Security Basics
Rick Lehtinen, Deborah Russel & G.T. Gangemi Sr. ; ISBN-13: 978-0596006693
Page 65-66