Re: best practices: public key authentication
- From: Chuck <skilover_nospam@xxxxxxxxxxxxxx>
- Date: Tue, 22 Apr 2008 18:57:17 GMT
Nico Kadel-Garcia wrote:
| Chuck wrote:
|>
|> I'm curious to find out what others think about pubkey authentication
|> best practices. Assuming your private key is protected with a strong
|> passphrase, is there any value in occasionally regenerating your keypair
|> and replacing your public key on servers that you use pubkey
|> authentication with?
|
| Yes. It helps prevent fascinating man-in-the-middle attacks if you use a
| public key for multiple remote targets, and it reminds you and others to
| discard access you don't need any longer.
What exactly is a "fascinating" man-in-the-middle attack and how does
changing my keypair prevent it? I thought MITM attacks would be detected
by the server's key changing. OpenSSH (and presumably others) warns you
if the key of the server does not match what you've previously known it
to be.