How secure do you want/need these to be?  Given the recent interest in
PGP on the list you could always have the system generate the password
and encrypt it using several people's public keys and sign that using
the "system's" key. Then the password file could be stored anywhere
since access to the file wouldn't buy you anything, and it could be
decrypted by anyone with the correct key. 

If you wanted to get really sick, you could start using keysplitting
where you encrypt to a common keypair, but the private part is "split"
among x number of people, and you can tell PGP that you must have y
number of people to decrypt. That is, you split the key into, say, 6
parts, and it takes any 2 people to get the key back -- but that's
really sick. Then again, no one can use the key without at least one
other person knowing.

As for expiring the password, since the system is generating it and
encrypting it, just have the system stick a new version of the encrypted
file somewhere whenever it generates a new password.

-Walden


------------
Walden H Leverich III
President & CEO
Tech Software
(516) 627-3800 x11
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)
  


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.