You have to remember that users are lazy. On Tue, Feb 22, 2011 at 09:04, Yves Dorfsman <[email protected]> wrote:
> > On 11-02-21 10:27 PM, Phil Pennock wrote: > > > > Thus I deploy both RSA and DSA keys, both host and client, so that in > > the event of a calamity I can turn one off and still have the other to > > use. A calamity might be a crypto break-through, or it might be the > > discovery of a bug like the one which bit Debian systems a few years > > back, having seriously weakened keys. > > > > On 11-02-21 07:49 PM, Tom Perrine wrote: > > > > All crypto works this way. You've got the key, whether it was given to > you, > > or you guess it, you can read the message (or sign, etc.). > > > > "Crypto is easy, key management is hard." > > True. One pet peeve of mine is password-less ssh. For a server with > protected > physical access, that's one thing, but for a user on a laptop without > encryption, please use a password. Most OSes have key management systems > that > let you type your password once only, which renders the keys useless after > a > reboot, and yet give you nearly the same convenience as password-less ssh. > > -- > Yves. > http://www.SollerS.ca/ > > http://blog.zioup.org/ > _______________________________________________ > Tech mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ > -- The best compliment you could give Pythian for our service is a referral.
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
