Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Adam Williamson awilliam at redhat.com
Wed Oct 12 19:48:57 UTC 2011


On Wed, 2011-10-12 at 21:38 +0200, Henrik Nordström wrote:
> ons 2011-10-12 klockan 12:20 -0700 skrev Adam Williamson:
> 
> > Sure there is. There's the exact same problem as using the same password
> > across multiple projects: if someone compromises the key they have
> > compromised all of those projects. If you use a different key for each
> > project, an attacker can only compromise one project with any given key.
> 
> To compromise my SSH key they need to compromise the location where my
> key is stored and the key encryption passphrase.

Sure. However, if you have multiple keys with multiple passphrases, then
it's extra work to compromise each key. It is also possible, if you use
multiple keys for multiple systems, that you do not need to store every
key you own on every system you use. To take the possible real-world
example I raised...

let's say you have an account on kernel.org and one on linux.com. It may
make some kind of sense to your workflow for you to keep the private key
you use to access linux.com in your home directory on kernel.org. Now,
if the key in question is 'your single personal key you use for
everything', then if someone compromises kernel.org and then compromises
the key you have stored there, they have now compromised everything you
have access to, as you use that single key for everything.

Say the key in question is 'the key you use specifically for linux.com',
and you didn't choose to store any other of your private keys on
kernel.org because you'd never need to access any other systems from
kernel.org, you have now successfully mitigated the scope of the attack
to kernel.org and linux.com but _not_ any of the other systems you have
access to (and use different keys for, keys which you did not store on
kernel.org).
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
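The blast-radius argument above can be made concrete. The following is an added example, not code from the original thread or from any of the projects mentioned: it models which hosts an attacker can reach after compromising one machine, given which private keys are stored where and which hosts accept them, and it emits the per-host `ssh_config` stanzas (`IdentityFile` plus `IdentitiesOnly yes`) that keep each key scoped to one host. The host names other than kernel.org and linux.com, the key file names and the "laptop" machine are constructed for the example; the model assumes the worst case, that a compromised host yields every private key stored on it along with its passphrase.

```python
"""Blast-radius model for SSH key storage (constructed example)."""
from collections import deque


def reachable_from(compromised, key_to_hosts, stored_keys):
    """Return the set of hosts an attacker can reach starting from `compromised`.

    key_to_hosts: key name -> set of hosts that accept that key (authorized_keys)
    stored_keys:  host -> set of key names whose private half is stored on that host
    Worst-case assumption: every private key stored on a compromised host becomes
    usable, so the search follows stored keys transitively (breadth-first).
    """
    seen = {compromised}
    queue = deque([compromised])
    while queue:
        host = queue.popleft()
        for key in stored_keys.get(host, set()):
            for target in key_to_hosts.get(key, set()):
                if target not in seen:
                    seen.add(target)
                    queue.append(target)
    return seen


def ssh_config_for(key_to_hosts, key_dir="~/.ssh"):
    """Render ssh_config stanzas that pin exactly one key to each host.

    IdentitiesOnly stops the client from offering every key the agent holds,
    so a host only ever sees the key that was issued for it.
    """
    lines = []
    for key, hosts in sorted(key_to_hosts.items()):
        for host in sorted(hosts):
            lines += [
                f"Host {host}",
                f"    IdentityFile {key_dir}/{key}",
                "    IdentitiesOnly yes",
                "",
            ]
    return "\n".join(lines)


# Scenario A (constructed): one personal key accepted everywhere, and a copy
# of it kept in the home directory on kernel.org.
SINGLE_KEY = {"personal": {"kernel.org", "linux.com", "other.example"}}
SINGLE_STORED = {"laptop": {"personal"}, "kernel.org": {"personal"}}

# Scenario B (constructed): one key per project; only the linux.com key is
# stored on kernel.org because that is the only hop ever needed from there.
PER_PROJECT_KEY = {
    "kernel-key": {"kernel.org"},
    "linux-key": {"linux.com"},
    "other-key": {"other.example"},
}
PER_PROJECT_STORED = {
    "laptop": {"kernel-key", "linux-key", "other-key"},
    "kernel.org": {"linux-key"},
}

if __name__ == "__main__":
    # Compromise kernel.org in both scenarios and compare the reach.
    print("single key  :", sorted(reachable_from("kernel.org", SINGLE_KEY, SINGLE_STORED)))
    print("per-project :", sorted(reachable_from("kernel.org", PER_PROJECT_KEY, PER_PROJECT_STORED)))
    print(ssh_config_for(PER_PROJECT_KEY))
```

In scenario A the compromise of kernel.org reaches every host the personal key is accepted on; in scenario B it reaches kernel.org and linux.com only, exactly the containment described in the message. The generated config is the client-side half of the same discipline: each `Host` block names its own key and refuses to offer the others.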