On Mon, Oct 15, 2018 at 4:33 PM robert engels <reng...@ix.netcom.com> wrote:
>
> To clarify, this is for a hardware device that protects a local resource - a
> network based protocol that challenges the device for access is a different
> story, and yes, when properly implemented is secure (unless someone steals
> your device! - which is why it is usually password + device, and then you are
> back to the same problem of compromising passwords when root access has been
> compromised).

This statement indicates to me you don't understand how hardware security tokens work. It doesn't matter if you have root access. You cannot obtain key material from it. If you lose it, you lose the set of keys on it. That's it. Revoke them and issue new ones using your root cert/key that never touches a networked system and lives in a safe.

--
Christopher Nielsen
"They who can give up essential liberty for temporary safety, deserve neither liberty nor safety." --Benjamin Franklin
"The tree of liberty must be refreshed from time to time with the blood of patriots & tyrants." --Thomas Jefferson
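The model described in the reply above, as an added Go sketch that is not part of the original thread: the host can only ask the token to sign a challenge, and a lost token is handled by revoking its key and issuing a new one with the offline root key. `Token`, `Issue` and `Verifier` are hypothetical names, the token is simulated in software (a real one keeps the key in hardware), and a root signature over the token's public key stands in for a certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Token models a hardware token (hypothetical type): the private key sits in an
// unexported field and the only operation offered to the host is signing.
type Token struct{ priv ed25519.PrivateKey }

func (t *Token) Public() ed25519.PublicKey    { return t.priv.Public().(ed25519.PublicKey) }
func (t *Token) Sign(challenge []byte) []byte { return ed25519.Sign(t.priv, challenge) }

// Issue runs where the offline root key lives: new token key, root-signed public key.
func Issue(root ed25519.PrivateKey) (*Token, []byte) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &Token{priv: priv}
	return t, ed25519.Sign(root, t.Public())
}

// Verifier holds only public data: the root public key and the revoked token keys.
type Verifier struct {
	Root    ed25519.PublicKey
	Revoked map[string]bool
}

// Login issues a fresh random challenge and accepts only a token whose key is
// not revoked, is certified by the root, and signs the challenge correctly.
func (v *Verifier) Login(t *Token, cert []byte) bool {
	challenge := make([]byte, 32)
	pub := t.Public()
	if _, err := rand.Read(challenge); err != nil || v.Revoked[string(pub)] {
		return false
	}
	return ed25519.Verify(v.Root, pub, cert) && ed25519.Verify(pub, challenge, t.Sign(challenge))
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	v := &Verifier{Root: rootPub, Revoked: map[string]bool{}}
	lost, lostCert := Issue(rootPriv)
	v.Revoked[string(lost.Public())] = true // token reported lost: revoke its key
	fresh, freshCert := Issue(rootPriv)     // replacement issued by the root
	fmt.Println("lost:", v.Login(lost, lostCert), "fresh:", v.Login(fresh, freshCert))
}
```

Go's standard `crypto.Signer` interface expresses the same idea for real devices: callers get `Public()` and `Sign()`, never the private key bytes.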