Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] deadmanish login?



On 01/30/2017 08:46 PM, Dan Ritter wrote:
> First off, you should be using ssh keys and not passwords.

No, you should be using passwords not keys. (In most cases.)

Protect your password, don't give it to anyone, don't recycle it on 
different sites. A good password can be easy to remember and easy to 
type. As bad as manually typed passwords are, the sparkly alternatives
are almost always worse.

The oh-so-terribly-secure ssh keys everyone likes also need to be 
protected, but they are much harder to protect. They need to be 
encrypted and an encryption key "password" is *very* different from a 
password password.

If your ATM card is like mine it has a 4-digit PIN and that is good 
enough. But a 4-digit encryption key would never be good enough: That's 
how different a password is from an encryption key. A good encryption
key passphrase is very difficult to remember and very difficult to type.

A decent ssh password is good enough--it will sustain a brute force 
attack that lasts as long as you are likely to be alive. Using ssh keys 
increases the attack surface. And that ssh key will be at rest, in how 
many places? And what about the passphrase on your ssh key? Do you even 
know how many bits of entropy it has?

-kb, the Kent who also rejects dogma about changing passwords every few 
weeks, rejects dogma about never writing down passwords, rejects dogma 
about not putting dictionary words in passwords, rejects
brand-spanking-new dogma recommending everyone use the first and most 
automated password manager that catches their eye, etc.




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org