 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Kent Borg wrote: > I see periodic recommendations about passwords that say not to use > passwords because a nice long ssh key is much more secure. Am I silly > to be as worried as I am by logins via key files? > > Currently I login with passwords that are secure*, and I don't type them > on keyboards I don't trust (therefore I don't type personal passwords on > my Windows machine at work). Keyfiles, on the other hand, need to be > stored in plain text on the authorized machine. That gives me the > willies. Should it? Only if you're also using "passphrase-less" keys. Supposing you use a key that is as secure as your passwords are (and treat your key passphrase exactly like you treat your current password), then you have two factor authentication, and it is more secure. Now they have "have" something (your key), and "know" something (your passphrase). That's generally thought to be more secure than just a password (especially since it's completely infeasible to discover the key by brute-force). Matt -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ Discuss mailing list [hidden email] http://lists.blu.org/mailman/listinfo/discuss
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
