Re: Pubkey
From: Alexander Klimov (alserkli_at_inbox.ru)
Date: 11/28/04
- Previous message: Harald Nesland: "Re: Pubkey"
- In reply to: Harald Nesland: "Re: Pubkey"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 28 Nov 2004 19:08:41 +0200 (IST) To: Harald Nesland <harald@interweb.no>
On Sun, 28 Nov 2004, Harald Nesland wrote:
> Alexander Klimov wrote:
> > I think a better way is as follows:
> > -- Kate creates a key pair and sends pubkey to Admin
> > -- Admin verifies that it is Kate, who sends it, creates an account and adds
> > the pubkey to authorized_keys
> > -- Kate now is able to login using her private key and has no password at all
> > (that is good since it is now impossible to guess her password)
>
> The private key ofcourse has to be stored safely. Note that any
> compromise of a system containing these private keys can lead to a chain
> of compromises.
Well, private key has to be encrypted with password and probably stored on
removable media. Of course, it does not help if some keylogger (and a program to
copy private key file) is installed by the intruder, OTOH it seams that in this
attack scenario only some additional "device" can save you (e.g., SecureID or a
printed list of one time passwords).
-- Regards, ASK
- Previous message: Harald Nesland: "Re: Pubkey"
- In reply to: Harald Nesland: "Re: Pubkey"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
