Peter Machell wrote: > On 28/06/2006, at 10:53 PM, Tim Churches wrote: > >> I am amazed >> at how many people who should know better configure RSA or DSA >> authentication without the essential protection of encrypted private >> keys, just so they can avoid having to type any passwords. > > I advocate using a strong passphrase to encrypt your private key. > Something you have *and* something you know is an order of magnitude > more secure than only either. > > I also allow users to have an unencrypted private key if they choose to, > and would argue that this is still much more secure than simple password > authentication.
It depends on the circumstances. However, if the private key is on a laptop and is used to log in via ssh to an Internet-accessible host computer, then leaving the private key unencrypted is just asking for trouble - if you lose your laptop or if it is nicked then anyone (with a modicum of knowledge) can boot it up, log in as root[1] and access your Internet-accessible host(s) without having to know or guess *any* passwords to *anything*. None. Not even one. Tim C [1] Except if the filesystems on your laptop hard disc are encrypted using a secret key which you need to enter when the machine is booted. But even this can fail if the machine is stolen or lost while it is booted up and running, or in a suspended state. This same (perhaps theoretical, perhaps not) criticism also applies to key caching mechanisms which can be used to avoid having to type the password for your private key every time you need to use it. TC _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
