Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Adam Williamson awilliam at redhat.com
Wed Oct 12 19:20:09 UTC 2011


On Wed, 2011-10-12 at 21:07 +0200, Henrik Nordström wrote:
> ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath:
> 
> > Lots of people use and share keys across different projects.
> 
> There is no security issue in sharing keys across different projects,

Sure there is. There's the exact same problem as using the same password
across multiple projects: if someone compromises the key they have
compromised all of those projects. If you use a different key for each
project, an attacker can only compromise one project with any given key.
Sure, ssh keys are much harder to compromise than passwords, but
_assuming a compromise has happened_ the consequences of using a single
key for everything are just as bad as using a single password for
everything.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
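
The exposure described in this message can be measured from the defender's side. The following is an added example, not part of the original post: it fingerprints the public keys in several projects' `authorized_keys` contents and reports every key that more than one project accepts. The project names and key blobs are constructed placeholders, not real keys.

```python
import base64
import hashlib
from collections import defaultdict

# Key-type prefixes that mark the start of the key in an authorized_keys line.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")

def fingerprint(blob_b64):
    """Return the SHA256 fingerprint in the form OpenSSH prints it."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keys(text):
    """Yield one fingerprint per key line, skipping comments and options."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPES):
                try:
                    yield fingerprint(fields[i + 1])
                except ValueError:  # malformed base64: not a usable key line
                    pass
                break

def shared_keys(projects):
    """Map fingerprint -> sorted projects, for keys accepted by 2+ projects."""
    seen = defaultdict(set)
    for project, text in projects.items():
        for fp in parse_keys(text):
            seen[fp].add(project)
    return {fp: sorted(p) for fp, p in seen.items() if len(p) > 1}

def _blob(seed):
    # Constructed stand-in for a public key blob; not a real key.
    return base64.b64encode(seed).decode()

LAPTOP, BUILD, DEPLOY = _blob(b"laptop-key"), _blob(b"build-key"), _blob(b"deploy-key")
SAMPLE = {  # constructed authorized_keys contents, one entry per project
    "project-a": f"ssh-ed25519 {LAPTOP} alice@laptop\n",
    "project-b": f'no-pty,command="/usr/bin/true" ssh-ed25519 {LAPTOP} alice\n'
                 f"ssh-rsa {BUILD} ci@builder\n",
    "project-c": f"# deploy key\nssh-rsa {DEPLOY} deploy\n",
}

if __name__ == "__main__":
    for fp, names in shared_keys(SAMPLE).items():
        print(fp, "is accepted by", ", ".join(names))
```

Every project listed against a fingerprint has to remove that key if it is ever compromised; a key that appears in only one project is not reported.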


