On January 31, 2017, Kent Borg wrote: >The oh-so-terribly-secure ssh keys [...] need to be encrypted and an >encryption key "password" is *very* different from a password >password.
Hmm, I don't understand this reasoning, at least for the average Linux user. Given a high-entropy string (say, "4rtichoke BOMBER snerdly festooon?" or whatever), I'd much rather use that string as a key passphrase than as a login password. Key-based authentication requires two secrets to crack, instead of one password. It also lets me type a passphrase once and authenticate to multiple machines all day. The more times you type a password, the more opportunity for a third party to observe it. >If your ATM card is like mine it has a 4-digit PIN and that is good >enough. But a 4-digit encryption key would never be good enough [...] That's an ironic analogy because the combination of ATM card + PIN is, from a UI perspective, analogous to SSH secret key + passphrase. The internal workings are obviously different, but both are combinations of something you have (card or key) plus something you know (PIN or passphrase). Your 4-digit PIN is secure enough only because the card is required. It's trivially easy to shoulder-surf and memorize someone's ATM or smartphone PIN because they're so short, but without the card or phone, a criminal can't use the PIN. >Using ssh keys increases the attack surface. And that ssh key will be >at rest, in how many places? In just one place, in a single ~/.ssh directory. (Plus backups.) That's roughtly the same as /etc/password plus backups. If you mean how many places will contain the public part of the key, then dozens, but it's not a secret. -- Dan Barrett [email protected] _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
