Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Adam Williamson awilliam at redhat.com
Thu Oct 13 17:16:51 UTC 2011


On Thu, 2011-10-13 at 09:12 +0100, Richard W.M. Jones wrote:
> On Wed, Oct 12, 2011 at 12:48:57PM -0700, Adam Williamson wrote:
> > Sure. However, if you have multiple keys with multiple passphrases, then
> > it's extra work to compromise each key.
> 
> Not true at all.  If I keep my key(s) in a single location (a secure
> machine at my home), then either all keys in that location are secure
> or they've all been compromised.  Someone with a rootkit on that
> machine can capture all of my keys and all of my passphrases.

A rootkit is one kind of compromise, sure. I outlined another kind in an
earlier reply to a similar objection. (Here's another one: you keep your
Single Key For Everything or your Giant Key Collection on a USB key, and
the USB key gets swiped. Yes, yes, I know, the key should be
encrypted...sigh.)

> > let's say you have an account on kernel.org and one on linux.com. It
> > may make some kind of sense to your workflow for you to keep the
> > private key you use to access linux.com in your home directory on
> > kernel.org.
> 
> If you do this, you're doing it wrong.

It's been pretty well established by now that lots of people do security
wrong all the time. Just saying 'everyone who's doing it wrong loses and
the only scenario we care about is the one in which everyone does it
right' is ludicrous.

The point is that there are actual plausible scenarios in which using
multiple keys results in a less catastrophic outcome than using a single
key for everything. That's all I ever claimed. I did not claim any of
the hypothetical examples I presented were cases of best security
practice.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
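
The thread above turns on private keys that sit on a shared host or a USB stick without a passphrase. As an added example (not part of the original message), this Python sketch audits a directory you own and reports which private key files are passphrase-protected. The file names and the key blobs in `sample_dir` are constructed for illustration and are assumptions, not real keys.

```python
import base64, struct, tempfile
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # header of the newer OpenSSH private key container

def classify(text):
    """Return 'encrypted', 'plaintext', or None if text is not a private key."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("PRIVATE KEY-----")):
        return None
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return "encrypted"
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return None
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return None
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])  # length of the cipher name
        return "plaintext" if blob[off + 4:off + 4 + n] == b"none" else "encrypted"
    # Legacy PEM (RSA/DSA/EC): encryption is announced in a Proc-Type header
    legacy = any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])
    return "encrypted" if legacy else "plaintext"

def audit(root):
    """Map file name -> status for every private key found under root."""
    findings = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.stat().st_size < 65536:
            status = classify(p.read_text(errors="replace"))
            if status:
                findings[p.name] = status
    return findings

def sample_dir():
    """Build a throwaway directory with constructed (fake) key files."""
    d = Path(tempfile.mkdtemp())
    body = base64.b64encode(MAGIC + struct.pack(">I", 4) + b"none").decode()
    (d / "id_linuxcom").write_text(f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n")
    (d / "id_rsa").write_text("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
    (d / "notes.txt").write_text("not a key\n")
    return d

if __name__ == "__main__":
    for name, status in audit(sample_dir()).items():
        print(f"{name}: {status}")
```

To check a real account, call `audit` on your own `~/.ssh` or home directory; any `plaintext` result is a key that is usable by whoever can read the file.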


