[p2p-hackers] guidelines for good password policy and maintenance/ user centric identity with single passwords (or a smallnumber at most over time)

[David Barrett]

> -----Original Message-----
> From: coderman
> Sent: Monday, March 27, 2006 2:05 PM
> 
> On 3/27/06, Michael J Freedman <mfreed at cs.nyu.edu> wrote:
> > ...
> > This approach is certainly commonly done by people for useability.
> > However, the problem is that the best security you get is that of
> security
> > provided by the weakest site (i.e., the weakest link the chain analogy).
> 
> true; which is why i'd like to see them use a single good password to
> mount an encrypted volume and secure OS where the rest of the
> (different*) passwords and PIN's and whatever else are kept.

What are your thoughts on using PKI?

For example, create private keys (with no passwords) and put them in an
encrypted volume.  Then use one strong password to unlock your encrypted
volume (and thus, unlock your private keys), and then SSH to everywhere else
securely.  Thus a user need only remember one password to get access to all
servers.  (And you can individually grant or revoke access to servers by
adding/removing the corresponding public key.)

Win32 has 'TrueCrypt', which has a nice feature of auto-unmounting the
encrypted volume on suspend/hibernate.  Thus even if your laptop gets stolen
while hibernated, the private keys aren't compromised.  And if you're laptop
is configured to suspend on the screen closing, they'd need to steal your
laptop from you, while it's running, and begin hacking on it before closing
the screen. 

(And in the time someone can mount an offline attack, you can remove the
user's corresponding public keys from the servers.)

-david