Re: Force non-empty pass-phrase?



"NKG" == Nico Kadel-Garcia <nkadel@xxxxxxxxxxx> writes:

NKG> Richard E. Silverman wrote:
>>>>>>> "mark" == mark <mark@xxxxxxxxxx> writes:
>>
>> mark> Does anybody know of a way to enforce a policy where ssh key
>> mark> pass-phrases should not be empty? It is one of the "weaknesses"
>> mark> of ssh as I see it that an administrator can't actually impose
>> mark> this constraint on access to his own server.
>>
>> He can't, because it makes no sense. The server never sees the
>> user's private key. It has no control over where or how the key is
>> stored. It's like suggesting there's a lock out there that can
>> "require" that you not keep the key in your pocket.

NKG> Richard? You could make the lock *REALLY, REALLY, REALLY* big so
NKG> that the key has to be at least as big. But that doesn't sound
NKG> like a good idea, either.

But this assumes the key size scales at least linearly with the size of
the lock... :)

--
Richard Silverman
res@xxxxxxxx
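
Added example, not part of the original message: because passphrase protection is a property of the key file on the client, it can only be checked where that file is stored, for instance by an audit script on a managed workstation. The function names are hypothetical and the sample input is a constructed header with no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # magic of OpenSSH's native private key format


def key_is_encrypted(text: str) -> bool:
    """Return True if this private key file content is passphrase-protected."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    header = lines[0]
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # encrypted PKCS#8
        return True
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(MAGIC)
        if len(blob) < off + 4:
            raise ValueError("truncated key header")
        # First field after the magic is the cipher name as a
        # length-prefixed string; "none" means no passphrase.
        (n,) = struct.unpack(">I", blob[off:off + 4])
        cipher = blob[off + 4:off + 4 + n]
        if len(cipher) != n:
            raise ValueError("truncated cipher name")
        return cipher != b"none"
    # Legacy PEM (RSA/DSA/EC PRIVATE KEY) flags encryption in a header line.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln
               for ln in lines[1:3])


def make_sample_header(cipher: bytes, kdf: bytes) -> str:
    """Constructed sample: the key-file header only, not a usable key."""
    def s(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    blob = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    body = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body +
            "\n-----END OPENSSH PRIVATE KEY-----\n")


if __name__ == "__main__":
    for label, cipher, kdf in (("no passphrase", b"none", b"none"),
                               ("passphrase", b"aes256-ctr", b"bcrypt")):
        print(label, "->", key_is_encrypted(make_sample_header(cipher, kdf)))
```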
