Passwords
• Computer to computer
• 1 to ~1024 bytes
• "Internal" or human-y
Tokens
• "External" or API
• Like passwords
Keys
• Whole files
• Bigger, chunkier
Other
• Kerberos tickets
• PCI log files
• HIPAA records
Temperature
Hot / Online
• Autonomous access
• Used a lot
• Humans need not apply
Cold / Offline
• Used rarely
• Humans required
Spectrum
Speed
Slow
• "Static"
• Change is "big"
• Less safe
Fast
• Changes constantly
• Automatic rotation
• More safe
Properties of a Secrets Management System
“Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.”
– Jerome Saltzer, Communications of the ACM