[Discuss] deadmanish login?

Daniel Barrett dbarrett at blazemonger.com
Tue Jan 31 12:52:39 EST 2017


On January 31, 2017, Kent Borg wrote:
>The oh-so-terribly-secure ssh keys [...] need to be encrypted and an
>encryption key "password" is *very* different from a password
>password.

Hmm, I don't understand this reasoning, at least for the average Linux
user. Given a high-entropy string (say, "4rtichoke BOMBER snerdly
festooon?" or whatever), I'd much rather use that string as a key
passphrase than as a login password. Key-based authentication requires
two secrets to crack, instead of one password. It also lets me type a
passphrase once and authenticate to multiple machines all day. The more
times you type a password, the more opportunity for a third party to
observe it.

>If your ATM card is like mine it has a 4-digit PIN and that is good 
>enough. But a 4-digit encryption key would never be good enough [...]

That's an ironic analogy because the combination of ATM card + PIN is,
from a UI perspective, analogous to SSH secret key + passphrase.  The
internal workings are obviously different, but both are combinations
of something you have (card or key) plus something you know (PIN or
passphrase). Your 4-digit PIN is secure enough only because the card
is required. It's trivially easy to shoulder-surf and memorize
someone's ATM or smartphone PIN because they're so short, but without
the card or phone, a criminal can't use the PIN.

>Using ssh keys increases the attack surface. And that ssh key will be
>at rest, in how many places?

In just one place, in a single ~/.ssh directory. (Plus backups.)
That's roughly the same as /etc/password plus backups.

If you mean how many places will contain the public part of the key,
then dozens, but it's not a secret.

--
Dan Barrett
dbarrett at blazemonger.com
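The two sides of this exchange (keys "at rest, in how many places?" versus "just one place, in ~/.ssh") both come down to a question a defender can actually check: is every private key on disk passphrase-protected? The script below is an added example, not code from either poster. It reads only the header of each key file, in both the `openssh-key-v1` container (cipher and KDF names sit right after the magic string) and the legacy PEM container (`Proc-Type: 4,ENCRYPTED` plus `DEK-Info`), and never touches the key material itself. The function names `inspect_key_text` and `audit_directory` are mine, and the sample keys are constructed in-line (dummy payload bytes) so it runs offline.

```python
"""Audit OpenSSH private keys for passphrase protection at rest."""
import base64
import os
import struct
from dataclasses import dataclass

OPENSSH_MAGIC = b"openssh-key-v1\x00"  # PROTOCOL.key container magic


@dataclass
class KeyStatus:
    path: str
    fmt: str          # "openssh-v1", "pem", or "unknown"
    encrypted: bool
    cipher: str
    kdf: str


def _read_string(buf: bytes, off: int):
    """Read one SSH wire-format string (uint32 length prefix) from buf."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def inspect_key_text(text: str, path: str = "<memory>") -> KeyStatus:
    """Classify one private-key file body without decrypting anything."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines:
        return KeyStatus(path, "unknown", False, "", "")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        raw = base64.b64decode(body)
        if not raw.startswith(OPENSSH_MAGIC):
            return KeyStatus(path, "unknown", False, "", "")
        off = len(OPENSSH_MAGIC)
        cipher, off = _read_string(raw, off)   # "none" means unencrypted
        kdf, off = _read_string(raw, off)      # "bcrypt" when a passphrase is set
        c, k = cipher.decode(), kdf.decode()
        return KeyStatus(path, "openssh-v1", c != "none", c, k)
    if lines[0].startswith("-----BEGIN ") and lines[0].endswith(" PRIVATE KEY-----"):
        # Legacy PEM: encryption is signalled by RFC 1421 headers before a blank line.
        headers = {}
        for ln in lines[1:]:
            if ":" not in ln:
                break
            k, v = ln.split(":", 1)
            headers[k.strip()] = v.strip()
        enc = headers.get("Proc-Type", "").endswith("ENCRYPTED")
        dek = headers.get("DEK-Info", "")
        cipher = dek.split(",")[0] if dek else ""
        return KeyStatus(path, "pem", enc, cipher, "openssl-md5" if enc else "")
    return KeyStatus(path, "unknown", False, "", "")


def audit_directory(ssh_dir: str) -> list:
    """Return KeyStatus for every file in ssh_dir that looks like a private key."""
    results = []
    for name in sorted(os.listdir(ssh_dir)):
        full = os.path.join(ssh_dir, name)
        if not os.path.isfile(full) or name.endswith(".pub"):
            continue
        with open(full, "r", errors="replace") as fh:
            head = fh.read(4096)
        if "PRIVATE KEY-----" in head:
            results.append(inspect_key_text(head, full))
    return results


# --- constructed samples (dummy payloads, not real keys) ---------------------
def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _make_openssh_v1(cipher: str, kdf: str) -> str:
    raw = (OPENSSH_MAGIC + _ssh_string(cipher.encode()) + _ssh_string(kdf.encode())
           + _ssh_string(b"") + struct.pack(">I", 1)
           + _ssh_string(b"dummy-public") + _ssh_string(b"dummy-private-blob"))
    b64 = base64.b64encode(raw).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + wrapped
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


ENCRYPTED_SAMPLE = _make_openssh_v1("aes256-ctr", "bcrypt")
PLAIN_SAMPLE = _make_openssh_v1("none", "none")
PEM_ENCRYPTED_SAMPLE = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF\n"
    "\n"
    "ZHVtbXktcGF5bG9hZC1ub3QtYS1yZWFsLWtleQ==\n"
    "-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    target = os.path.expanduser("~/.ssh")
    found = audit_directory(target) if os.path.isdir(target) else []
    for st in found:
        flag = "ok " if st.encrypted else "UNENCRYPTED"
        print(f"{flag} {st.path} [{st.fmt} cipher={st.cipher or '-'} kdf={st.kdf or '-'}]")
    if not found:
        print("no private keys found in", target)
```

Run it against `~/.ssh` (or a backup of it, which is the "plus backups" part of the argument) and any `UNENCRYPTED` line is a key that is one secret rather than two. A `bcrypt` KDF in the v1 container is what current `ssh-keygen` writes when a passphrase is given; legacy PEM keys are encrypted with an MD5-derived key and are worth converting with `ssh-keygen -p -o` while you are at it.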



