Original release date: June 3, 2001
A complete revision history is at the end of this file.
Password storage devices that rely on viscous material may experience viscosity breakdown over time, rendering these devices less effective. In some cases, passwords may be lost completely.
Due to problems surrounding user memory, it is a somewhat common practice to store passwords and pass phrases somewhere they can be later retrieved by the user.
One common technique for protecting passwords is to store them on a device which relies on viscous material to maintain their usefulness. The most common of these devices is produced by 3com and is known as the Post-It.
Over time, viscous material may be exposed to unexpected input, such as dust, hair, and lubricants. Eventually, these devices reach a point of "viscosity breakdown" where their viscous nature is impeded and they no longer function as designed.
While the device may still retain the password or pass phrase, the exact location of the storage device may vary.
When viscosity breakdown occurs, two serious issues may be experienced by users of these devices.
Either of these issues can result in severe harm, though the second presents more opportunity for malicious users.
CUSERT is currently unaware of any real solutions to this problem, however a workaround exists. A CUSERT representative pretending to be a 3com representative suggested that UNIX/Linux users restart their viscous storage devices on a regular basis. Windows and Macintosh users must replace the device.
UNIX/Linux users can do this by sending a hangup signal to the device.
kill -HUP /dev/post-it
Red Hat users can use this command:
/etc/rc.d/init.d/post-it restart
The spokesman suggested implementing this as a cron job.
For enhanced backup security, it is recommended that you also post your passwords and pass phrases on your website if you have one.
CUSERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Copyright 2001 Blake R. Swopes.