Re: Pubkey

From: Alexander Klimov (alserkli_at_inbox.ru)
Date: 11/28/04

    Date: Sun, 28 Nov 2004 19:08:41 +0200 (IST)
    To: Harald Nesland <harald@interweb.no>
    
    

    On Sun, 28 Nov 2004, Harald Nesland wrote:
    > Alexander Klimov wrote:
    > > I think a better way is as follows:
    > > -- Kate creates a key pair and sends pubkey to Admin
    > > -- Admin verifies that it is Kate, who sends it, creates an account and adds
    > > the pubkey to authorized_keys
    > > -- Kate now is able to login using her private key and has no password at all
    > > (that is good since it is now impossible to guess her password)
    >
    > The private key of course has to be stored safely. Note that any
    > compromise of a system containing these private keys can lead to a chain
    > of compromises.

    Well, private key has to be encrypted with password and probably stored on
    removable media. Of course, it does not help if some keylogger (and a program to
    copy private key file) is installed by the intruder, OTOH it seems that in this
    attack scenario only some additional "device" can save you (e.g., SecurID or a
    printed list of one-time passwords).

    -- 
    Regards,
    ASK
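
The "Admin verifies that it is Kate" step in the quoted procedure, as an added example that is not part of the original posts: the admin installs the received key only if its fingerprint matches the one Kate confirmed over a separate channel. The function names and the sample key are hypothetical; the fingerprint format is the SHA256 form current OpenSSH prints with `ssh-keygen -lf`.

```python
import base64
import hashlib
import os
import struct

def parse_pubkey(line):
    """Split '<type> <base64> [comment]' and check the type embedded in the blob."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob starts with a length-prefixed copy of the key type.
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return key_type, b64, blob

def fingerprint(blob):
    """SHA256 of the decoded blob, base64 without padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def install_key(line, expected_fp, authorized_keys):
    """Append the key only if it matches the fingerprint verified out of band."""
    key_type, b64, blob = parse_pubkey(line)
    if fingerprint(blob) != expected_fp:
        return False
    # Assumes the .ssh directory already exists; the file is created
    # owner-only and the sender-supplied comment is dropped.
    fd = os.open(authorized_keys, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as f:
        f.write(f"{key_type} {b64}\n")
    return True

def sample_key_line():
    """Constructed sample: an ed25519-shaped blob with dummy key bytes."""
    parts = (b"ssh-ed25519", bytes(range(32)))
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " kate@laptop"

if __name__ == "__main__":
    line = sample_key_line()
    fp = fingerprint(parse_pubkey(line)[2])  # stands in for what Kate reads out
    print(fp, install_key(line, fp, "authorized_keys.demo"))
```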
    
