Re: If I am paranoid, should I do it?
From: Bill Unruh (unruh@physics.ubc.ca)Date: 12/13/01
- Next message: Richard E. Silverman: "Re: SSH proxy"
- Previous message: Kuk Helvstrom: "SSH proxy"
- In reply to: User: "If I am paranoid, should I do it?"
- Next in thread: Richard E. Silverman: "Re: If I am paranoid, should I do it?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: unruh@physics.ubc.ca (Bill Unruh) Date: 13 Dec 2001 17:59:44 GMT
In <3c18b124$0$376$ba620e4c@news.skynet.be> "User" <user@domaine.be> writes:
]Hello,
]man sshd gives this
](...)
] -k key_gen_time
] Specifies how often the server key is regenerated (default 3600
] seconds, or one hour). The motivation for regenerating the key
] fairly often is that the key is not stored anywhere, and after
] about an hour, it becomes impossible to recover the key for de
] crypting intercepted communications even if the machine is
] cracked into or physically seized. A value of zero indicates
] that the key will never be regenerated.
](...)
]Should I decreasing the time?
Sure. Decrease it to 1 millisecond. That way you will not have to worry
about leaking any communications at all, and you will be safe.
Sorry for the sarcasm, but why do you want to decrease it? Security is
not a thumb and blanket, which the more you suck the more secure you
are. You need to rationally think about who your credible enemies are,
what their likely abilities are and what you want to protect.
- Next message: Richard E. Silverman: "Re: SSH proxy"
- Previous message: Kuk Helvstrom: "SSH proxy"
- In reply to: User: "If I am paranoid, should I do it?"
- Next in thread: Richard E. Silverman: "Re: If I am paranoid, should I do it?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
