Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Jon Ciesla limb at jcomserv.net
Wed Oct 12 19:22:31 UTC 2011


> ons 2011-10-12 klockan 13:25 -0500 skrev Jon Ciesla:
>
>>  Plus, you could have multiple
>> keys, all with the same passphrase, for different things, should you so
>> desire.
>
> That's effectively one shared key for all. If one of them are
> compromized them most likely all of them are, as the attacker clearly
> gained access to both
>
>   - The storage locaiton where the keys were stored
>   - The encryption key (passphrase)
>
> And if an attacker managed to gain access to this combination for any of
> your keys it's likely he also gains access to the others.

Agreed, it's a bad idea.  I was just throwing it out there as one nod to
convenience.  I don't do it.

-J

> Regards
> Henrik
>


-- 
in your fear, seek only peace
in your fear, seek only love

-d. bowie



More information about the devel mailing list