[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org
|
From: |
Jim Meyering |
|
Subject: |
Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade |
|
Date: |
Mon, 21 Feb 2011 18:27:37 +0100 |
Bernie Innocenti wrote:
> On Mon, 2011-02-21 at 10:54 +0100, Jim Meyering wrote:
>> ??
>> Sure it does. It adds a layer.
>> With it, an attacker needs both GPG *and* ssh keys.
>
> Well, but whoever could steal your private ssh key could also steal your
> private gpg key with the same ease, as they both reside in your $HOME,
> often protected with the same password.
Doesn't sound like you're joking...
Please, never reuse passphrases for such important things.
Even if someone key-logs or shoulder-surfs[*] my ssh passphrase,
they'll still have to get my private key, and none of that will
help them get my gpg passphrase or *its* private key.
Besides, people who are really serious about security use a
GPG private key that resides only within a physical smart-card.
We can't be too paranoid... if my system were to be cracked, it'd
be way too easy for someone to do something nasty right as I'm
making a coreutils release, that I would then gpg-sign and upload.
No one audits those 50K-line configure scripts. I would hate to
be responsible for that.
Jim
[*] Shoulder surfing and keylogging are not likely to affect me,
since I work from home. Though I have no illusions: if a 3-letter
agency wants my keys, they'll find a way.
- [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Sylvain Beucler, 2011/02/16
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/16
- Message not available
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Sylvain Beucler, 2011/02/20
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/20
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Jim Meyering, 2011/02/20
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/20
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Jim Meyering, 2011/02/21
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/21
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade,
Jim Meyering <=
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/21
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Jim Meyering, 2011/02/21
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/21
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Jim Meyering, 2011/02/21
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/21
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Jim Meyering, 2011/02/22
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Michael J. Flickinger, 2011/02/22
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Jim Meyering, 2011/02/22
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/22