Re: [Openca-Users] How to securely store a p12

Thu, 19 Jan 2006 14:36:36 -0800 


Johnny, I'm certainly not brave enough to say for sure that you won't
have problems.

All the advice says is that at present, 12 characters is regarded as a
suitable figure. But the same advice puts considerable onus on the end
user to ensure that their keys are kept safely. And that means doing
other things in addition to having a good pass phrase.

Its really a case of managed risk. If you are using these keys to
control the transfer of millions of dollars between bank accounts, then
I'd keep well away! My experience is using the keys to control access to
grid computing resources, and I consider it appropriate security.

For now ....

David

On Thu, 2006-01-19 at 13:40 +0100, Johnny Gonzalez wrote:
> Hello David,
> 
> First of all, thanks for aswering my question.
> 
> So do you think that in my case, there won't be any
> problem if I have my p12 in a storage device like a
> USB memory with a validate period of one year, if I
> deal with passwords of at least 12 characters and the
> characteristics I said in the last message??
> 
> Thanks,
> Johnny
> 
> 
>  --- David Bannon <[EMAIL PROTECTED]> escribió:
> 
> > Hi Johnny, the International Grid Trust Federation
> > requires 12 character
> > pass phrases around private keys.
> > 
> > David
> > 
> > On Wed, 2006-01-18 at 15:54 +0100, Johnny Gonzalez
> > wrote:
> > > Hello everybody,
> > > 
> > > I have this issue:
> > > 
> > > All our certificates will be used in Linux, but we
> > > need a way to securely store our p12, I thought in
> > > using ikey rainbow USB tokens, but those tokens
> > work
> > > only in Windows, does anyone knows How to store
> > them
> > > securely?
> > > 
> > > Someone said that we could store them in a USB
> > memory,
> > > but how much time it would take to hack the p12 by
> > > brute force? all certificates will have a validate
> > > time of one year, would it be secure enough to
> > have
> > > them stored in a p12?
> > > 
> > > Thinking about this: I wrote a "politic" for us in
> > > which says that the password for private key and
> > p12
> > > must have this characteristics:
> > > 
> > > - minimum lenght of 10 digits
> > > - must contain uppercase AND lowercase letters
> > > - must contain at least 2 digits (0-9)
> > > 
> > > What do you think about it? Having a p12 with a
> > > password like that stored in a USB memory would be
> > > secure enough to protect the private key?
> > > 
> > > Thanks a lot,
> > > Johnny
> > > 
> > > 
> > >           
> > > ______________________________________________ 
> > > LLama Gratis a cualquier PC del Mundo. 
> > > Llamadas a fijos y móviles desde 1 céntimo por
> > minuto. 
> > > http://es.voice.yahoo.com
> > > 
> > > 
> > >
> >
> -------------------------------------------------------
> > > This SF.net email is sponsored by: Splunk Inc. Do
> > you grep through log files
> > > for problems?  Stop!  Download the new AJAX search
> > engine that makes
> > > searching your log files as easy as surfing the 
> > web.  DOWNLOAD SPLUNK!
> > >
> >
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> > > _______________________________________________
> > > Openca-Users mailing list
> > > [email protected]
> > >
> >
> https://lists.sourceforge.net/lists/listinfo/openca-users
> > 
> > 
> > 
> >
> -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do
> > you grep through log files
> > for problems?  Stop!  Download the new AJAX search
> > engine that makes
> > searching your log files as easy as surfing the 
> > web.  DOWNLOAD SPLUNK!
> >
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
> > _______________________________________________
> > Openca-Users mailing list
> > [email protected]
> >
> https://lists.sourceforge.net/lists/listinfo/openca-users
> > 
> 
> 
> 
>       
>       
>               
> ______________________________________________ 
> LLama Gratis a cualquier PC del Mundo. 
> Llamadas a fijos y móviles desde 1 céntimo por minuto. 
> http://es.voice.yahoo.com
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> _______________________________________________
> Openca-Users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openca-users



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to