Hi Peter,

Replying on the thinking process, not on the fundamentals at this time (we seem to agree on the characteristics of PKC vs else).

Peter Gutmann wrote:
> Thierry Moreau <[email protected]> writes:
>
>> Unless automated SSH sessions are needed (which is a different problem
>> space), the SSH session is directly controlled by a user. Then, the private
>> key is stored encrypted on long term storage (swap space vulnerability
>> remaining, admittedly) and in *plaintext*form*only*momentarily* for SSH
>> handshake computations following a decryption password entered by the user.
>
> ...except that a user study a few years back ("Inoculating SSH Against Address
> Harvesting") found that two thirds of all SSH private keys were stored in
> plaintext on disk.  You need to look at what actually happens in practice, not
> what in theory should happen in an ideal world.


Agreeing about the survey findings, if we think towards a solution (or some form of improvements), we may focus our attention on the PKC characteristics benefiting the one third of PKC users that are not that bad in private key protection.

> In any case though you're completely missing the point of my argument (as did
> the previous poster), which is that a scary number of people follow the
> thinking that "passwords are insecure, PKCs are secure, therefore anything
> that uses PKCs is magically made secure" even when it's quite obviously not
> secure at all.  This is magical thinking, not any kind of reasoned assessment
> of security.


Agreeing that this magical thinking is indeed operative (not only in IT security, e.g. a Judge accepting blindly the conclusion of a forensic expert irrespective of arguments by the opposing party), the association you made with SSH (which is a neat PKC implementation devoid of PKI endless complexity) is what triggered my reaction. Would you extend the association to PGP usage? Would you extend the association to Lotus Notes as another PKC user community ( http://en.wikipedia.org/wiki/Lotus_Notes#Security )?

The temptation to consider IT security "a done deal" exists with every mechanism, we should also agree on that.

Good IT security solutions based on PKC may exist despite the temptation. I further opine that SSH using PKC may be part of reasonably good IT security solutions, and the temptation will still exist.

Regards,


--
- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
