On 11-02-21 10:27 PM, Phil Pennock wrote:
>
> Thus I deploy both RSA and DSA keys, both host and client, so that in
> the event of a calamity I can turn one off and still have the other to
> use. A calamity might be a crypto break-through, or it might be the
> discovery of a bug like the one which bit Debian systems a few years
> back, having seriously weakened keys.
>

On 11-02-21 07:49 PM, Tom Perrine wrote:
>
> All crypto works this way. You've got the key, whether it was given to you,
> or you guess it, you can read the message (or sign, etc.).
>
> "Crypto is easy, key management is hard."

True.

One pet peeve of mine is password-less ssh. For a server with protected physical access, that's one thing, but for a user on a laptop without encryption, please use a password. Most OSes have key management systems that let you type your password once only, which renders the keys useless after a reboot, and yet give you nearly the same convenience as password-less ssh.

--
Yves.
http://www.SollerS.ca/
http://blog.zioup.org/
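
Added example, not part of the original message: a Python check for the situation described above, private keys stored on disk without a passphrase. It reads only the key file's container header (legacy PEM, PKCS#8, or openssh-key-v1), which goes beyond the RSA and DSA keys named in the thread; the function names and the sample key files are constructed for illustration.

```python
import base64
import binascii
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def key_is_passphrase_protected(text):
    """True = encrypted at rest, False = stored in clear, None = not a private key."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("PRIVATE KEY-----")):
        return None
    label, body = lines[0][11:-5], lines[1:-1]
    if label == "ENCRYPTED PRIVATE KEY":          # PKCS#8 encrypted container
        return True
    if label == "OPENSSH PRIVATE KEY":            # openssh-key-v1 container
        try:
            blob = base64.b64decode("".join(body))
        except binascii.Error:
            return None
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return None
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"   # ciphername field
    # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body)

def unprotected_keys(files):
    """files maps a name to file contents; returns names of clear-text private keys."""
    return sorted(n for n, t in files.items() if key_is_passphrase_protected(t) is False)

def _openssh_sample(cipher, kdf):
    # Constructed container header only; no real key material follows it.
    s = lambda b: struct.pack(">I", len(b)) + b
    b64 = base64.b64encode(OPENSSH_MAGIC + s(cipher) + s(kdf) + s(b"")).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample inputs (placeholder bodies, not usable keys).
SAMPLES = {
    "id_rsa_clear": "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n",
    "id_rsa_enc": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                  "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n",
    "id_ed25519_clear": _openssh_sample(b"none", b"none"),
    "id_ed25519_enc": _openssh_sample(b"aes256-ctr", b"bcrypt"),
    "id_rsa.pub": "ssh-rsa AAAAB3NzaC1yc2E= constructed@example\n",
}

if __name__ == "__main__":
    for name in unprotected_keys(SAMPLES):
        print("no passphrase:", name)
```

To audit a real machine, build the `files` mapping from the contents of each user's `~/.ssh` directory; keys the check flags can be given a passphrase in place with `ssh-keygen -p -f <keyfile>`.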
