Re: ssh, passphrases and stdin
From: Greg Wooledge (wooledg_at_eeg.ccf.org)
Date: 08/25/04
- Previous message: David E. Meier: "ssh, passphrases and stdin"
- In reply to: David E. Meier: "ssh, passphrases and stdin"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 Aug 2004 07:41:33 -0400 To: "David E. Meier" <dev@eth0.ch>
On Tue, Aug 24, 2004 at 06:05:55PM +0200, David E. Meier wrote:
> Since I don't want to have an unencrypted key on the system I need to
> enable a passphrase.
Having a passphrase stored on the hard drive doesn't buy you any security
improvement over simply having a passphrase-less key. You might as well
simplify your life and remove the passphrase altogether.
What it comes down to (as I'm pretty sure you already know, but just
didn't want to admit to yourself) is that you have two choices:
1) Unattended booting (no passphrase)
2) Attended booting (passphrase must be entered every time)
Any attempt to compromise between these two extremes is just "security
through obscurity" and adds nothing to your real security.
- Previous message: David E. Meier: "ssh, passphrases and stdin"
- In reply to: David E. Meier: "ssh, passphrases and stdin"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
