On 03/28/2016 10:54 AM, Paul Flint wrote: > I would ask them > both if this enhancement of the cryptography is really necessary in low > to medium criticality situations. Breaking into a public-private key > cryptographic session is non-trivial enough that I feel Anthony's > apologetic tone in not using pass-phrases unnecessary, that is, unless > he has started work on Nuclear Missile Launch codes...
Just to be clear, the issue I was trying to address is has nothing to do with ssh itself, but rather the fact that every program you run (with your user id) can easily grab your ssh keys, or use your (running) ssh agent. This is what I meant when I referred to 'sandboxing', or rather the lack-there-of in the usual unix userspaces. This has nothing to do with the crypto itself. The traditional model is, "just go ahead and give all my permissions to every program I run." Jonathan: I have my reservations about address space randomization, but I think I've voiced them here in the past. Also, speaking of ssh: 1. Does everyone know about mosh? 2. Does everyone know the joy of using ~/.config/systemd/user/ to start and stop ssh-agent (and also tiddlywiki for that matter)? -- Anthony Carrico
signature.asc
Description: OpenPGP digital signature
