Security:ClearTextPasswords

From queowiki
Revision as of 06:38, 14 August 2020 by Queo (talk | contribs) (Created page with "This is a draft, resources which show that clear text pwd are a NO-GO no matter what the "specification sheet" tells you ;-) == CISSP == Well, it's one of the CISSP questions...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This is a draft, resources which show that clear text pwd are a NO-GO no matter what the "specification sheet" tells you ;-)

CISSP

Well, it's one of the CISSP questions, but let's have a closer look:

  • What is the BEST method of storing passwords for a system:
    • password-protected file
    • file restricted to one individual
    • one-way encrypted file
    • two-way encrypted file

Well, you may have guessed it already an one-way encrypted file is the correct answer. Of course there are other options so an encrypted password works out well, too. So if you're service provider keeps telling you that clear text password don't matter at all, that's a killer argument ;-)


Books

Computer Security Basics
Rick Lehtinen, Deborah Russel & G.T. Gangemi Sr. ; ISBN-13: 978-0596006693
Page 65-66

CWE

https://cwe.mitre.org/data/definitions/256.html

Retrieved from "https://quehenberger.org/queowiki/index.php?title=Security:ClearTextPasswords&oldid=85"