Re: ssh, passphrases and stdin

From: Greg Wooledge (wooledg_at_eeg.ccf.org)
Date: 08/25/04

  • Next message: Christopher.Fouts_at_infineon.com: "RE: HELP please! Why is the agent NOT recognized"
    Date: Wed, 25 Aug 2004 07:41:33 -0400
    To: "David E. Meier" <dev@eth0.ch>
    
    

    On Tue, Aug 24, 2004 at 06:05:55PM +0200, David E. Meier wrote:
    > Since I don't want to have an unencrypted key on the system I need to
    > enable a passphrase.

    Having a passphrase stored on the hard drive doesn't buy you any security
    improvement over simply having a passphrase-less key. You might as well
    simplify your life and remove the passphrase altogether.

    What it comes down to (as I'm pretty sure you already know, but just
    didn't want to admit to yourself) is that you have two choices:

      1) Unattended booting (no passphrase)
      2) Attended booting (passphrase must be entered every time)

    Any attempt to compromise between these two extremes is just "security
    through obscurity" and adds nothing to your real security.


  • Next message: Christopher.Fouts_at_infineon.com: "RE: HELP please! Why is the agent NOT recognized"

    Relevant Pages

    • [NT] Console Java Applications can Leak Passphrases on Windows
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... or by further smart cards known as Operator Card ... Each card can be further protected by a passphrase, ... brand names include Java support. ...
      (Securiteam)
    • Re: password protect encrypted directory - secure
      ... the passphrase is not something simple like 'eye encrypted it" ... nothing you can do once the laptop is stolen ... your security is only as good as the amount of testing you do to it ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Security-Basics)
    • RE: Re: RE: ADS Password Storage Protection
      ... ""Mathematically your passphrase is stronger. ... security, my opinion is that a passphrase really isn't necessary." ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic ...
      (Security-Basics)
    • Re: How can I secure a Debian installation?
      ... it's private key + passphrase that *adds* security because of its ... even a user who picks a weak passphrase has somewhat an increased ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
      (Debian-User)
    • Re: ALERT: WPA isnt necessarily secure
      ... Any security system which uses a passphrase is vulnerable to a poor choice of passphrase. ... This offline attack should be easier to execute than the WEP attacks. ... Using Random values for the PSK ...
      (alt.internet.wireless)