Peter Gutmann wrote:
> Werner Koch <[email protected]> writes:
>> Which is not a surprise given that many SSH users believe that ssh
>> automagically makes their root account safe and continue to use their lame
>> passwords instead of using PK based authentication.
> That has its own problems with magical thinking: Provided you use PK auth,
> you're magically secure, even if the private key is stored in plaintext on ten
> different Internet-connected multiuser machines. I don't know how many times
> I've been asked to change my line-noise password for PK auth, told the person
> requesting the change that this would make them less secure because I need to
> spread my private key across any number of not-very-secure machines, and
> they've said that's OK because as long as it uses PKCs it's magically secure.
> Peter.

Please Peter, a little rigor in the arguments would help.

Since the SSH servers need *only*your*public*key*, then the "ten
different Internet-connected multi-user machines" are not those SSH
servers the admin of which would have made the request to turn to client
PK for SSH.

If you choose to roam into different (and as insecure as you wish to
support your argument), it's your decision as an SSH client user. With
the low selling price of small single-user systems, you could also
dedicate one as an SSH client console and make it a) intermittently
connected to the Internet, b) single user for all practical purposes, c)
little vulnerable to Trojan horses, d) having only the software you
selected for the job, e) ...

Unless automated SSH sessions are needed (which is a different problem
space), the SSH session is directly controlled by a user. Then, the
private key is stored encrypted on long term storage (swap space
vulnerability remaining, admittedly) and in
*plaintext*form*only*momentarily* for SSH handshake computations
following a decryption password entered by the user. If you have to fear
keyboard grabbers, you fear them for "line-noise passwords" as well.

Maybe you want to argue that PK authentication is an HMI nightmare and
comes with misleading security claims derived from an obscure theory of
operation. Fine. But in the case of SSH authentication, the PK
alternative allows security-minded remote system operators to enjoy a
secure remote console.

I don't understand why you would choose to handle your encrypted SSH
private key in a lousy way. But it seems inappropriate to assume that
better ways are not feasible.

Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
Tel. +1-514-385-5691